rule based on time - SpamAssassin

This is a discussion on rule based on time - SpamAssassin ; ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: rule based on time

  1. Re: rule based on time


  2. rule based on time


    Hello Guys,

    Is it possible to write a rule that matches based on the current
    time of the host running spamassassin ?? I would like to simply add,
    let's say, 1 point for EVERY message received during night, for example,
    9PM until 6AM.

    is that possible to write that rule ?

    --


    Atenciosamente / Sincerily,
    Leonardo Rodrigues
    Solutti Tecnologia
    http://www.solutti.com.br

    Minha armadilha de SPAM, NÃO mandem email
    gertrudes@solutti.com.br
    My SPAMTRAP, do not email it


  3. Re: rule based on time

    Leonardo Rodrigues Magalhães wrote:
    >
    > Hello Guys,
    >
    > Is it possible to write a rule that matches based on the current
    > time of the host running spamassassin ?? I would like to simply add,
    > let's say, 1 point for EVERY message received during night, for
    > example, 9PM until 6AM.
    >
    > is that possible to write that rule ?
    >

    You'd have to write a plugin for it.


  4. Re: rule based on time


    On Sun, 2008-06-15 at 11:41, Leonardo Rodrigues Magalhães wrote:
    > Hello Guys,
    >
    > Is it possible to write a rule that matches based on the current
    > time of the host running spamassassin ?? I would like to simply add,
    > let's say, 1 point for EVERY message received during night, for example,
    > 9PM until 6AM.
    >
    > is that possible to write that rule ?


    Something like:

    header Received =~ /hostname.* (2[1-3],0[0-8]):/

    may do it. "hostname" is the name of the final MTA host in the received
    chain and " (2[1-3],0[0-8]):" is intended to match the hour when it was
    received, but is probably wrong.

    IOW, match the hour in the last Received: header in the mail delivery
    chain. If you're running Postfix this Received: header would be matched
    by "Received =~ by" while the rest would match "Received =~ from" but I
    don't know if that would work with other MTAs.


    Martin Gregorie


  5. RE: rule based on time

    > -----Original Message-----
    > From: Martin Gregorie [mailto:martin@gregorie.org]
    > Sent: Sunday, June 15, 2008 2:45 PM
    > To: ML spamassassin
    > Subject: Re: rule based on time
    >
    >
    > On Sun, 2008-06-15 at 11:41, Leonardo Rodrigues Magalhães wrote:
    > > Hello Guys,
    > >
    > > Is it possible to write a rule that matches based on the current
    > > time of the host running spamassassin ?? I would like to simply add,
    > > let's say, 1 point for EVERY message received during night, for

    > example,
    > > 9PM until 6AM.
    > >
    > > is that possible to write that rule ?

    >
    > Something like:
    >
    > header Received =~ /hostname.* (2[1-3],0[0-8]):/


    I guess it should be something like:

    header NIGTHMARE Received =~ m'by your\.internal\.host\s.*\s(?:2[1-3]|0[0-6])(?::[0-9][0-9]){2}'

    Please note I didn't test it.

    This, of course, if your internal relays put the localtime in their received lines, otherwise you have to adjust for localtime to UTC. And occasionally for the daylight-saving offset.

    One could use the X-Spam-Relays-Internal keyword instead of the Received one, but it doesn't seem to report any date and time. What about X-Spam-Relays-Internal:raw?

    Giampaolo



    >
    > may do it. "hostname" is the name of the final MTA host in the received
    > chain and " (2[1-3],0[0-8]):" is intended to match the hour when it was
    > received, but is probably wrong.
    >
    > IOW, match the hour in the last Received: header in the mail delivery
    > chain. If you're running Postfix this Received: header would be matched
    > by "Received =~ by" while the rest would match "Received =~ from" but I
    > don't know if that would work with other MTAs.
    >
    >
    > Martin Gregorie
    >
    >



  6. RE: rule based on time

    Sorry, this is wrong.

    See my later post.

    Giampaolo

    > -----Original Message-----
    > From: Giampaolo Tomassoni [mailto:g.tomassoni@libero.it]
    > Sent: Sunday, June 15, 2008 3:03 PM
    > To: 'ML spamassassin'
    > Subject: RE: rule based on time
    >
    > > -----Original Message-----
    > > From: Matt Kettler [mailto:mkettler_sa@verizon.net]
    > > Sent: Sunday, June 15, 2008 2:08 PM
    > > To: Leonardo Rodrigues Magalhães
    > > Cc: ML spamassassin
    > > Subject: Re: rule based on time
    > >
    > > Leonardo Rodrigues Magalhães wrote:
    > > >
    > > > Hello Guys,
    > > >
    > > > Is it possible to write a rule that matches based on the current
    > > > time of the host running spamassassin ?? I would like to simply

    > add,
    > > > let's say, 1 point for EVERY message received during night, for
    > > > example, 9PM until 6AM.
    > > >
    > > > is that possible to write that rule ?
    > > >

    > > You'd have to write a plugin for it.

    >
    > If you trust the date and time of your internal relays, what about
    > something
    > like this:
    >
    > header NIGTHMARE X-Spam-Relays-Internal =~
    > m'(?:09|10|11|0[0-6])(?::[0-9][0-9]){2}'
    >
    > ?
    >
    > Please note I didn't try it...
    >
    > Giampaolo



  7. Re: rule based on time


    On Sun, June 15, 2008 14:08, Matt Kettler wrote:

    > You'd have to write a plugin for it.


    or use some handcrafted regexp's :-)


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098


  8. Re: rule based on time


    On Sun, 2008-06-15 at 07:41 -0300, Leonardo Rodrigues Magalhães wrote:
    > Hello Guys,
    >
    > Is it possible to write a rule that matches based on the current
    > time of the host running spamassassin ?? I would like to simply add,
    > let's say, 1 point for EVERY message received during night, for example,
    > 9PM until 6AM.
    >
    > is that possible to write that rule ?



    Yes. Write a regex that checks the time from of the Received: header
    that your MTA adds.

    Post a sample Received: header from your MTA and I'll take a shot at it.


    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    Liberals love sex ed because it teaches kids to be safe around their
    sex organs. Conservatives love gun education because it teaches kids
    to be safe around guns. However, both believe that the other's
    education goals lead to dangers too terrible to contemplate.
    -----------------------------------------------------------------------
    3 days until SWMBO's Birthday


  9. Re: rule based on time



    John Hardin escreveu:
    >
    > Yes. Write a regex that checks the time from of the Received: header
    > that your MTA adds.
    >
    > Post a sample Received: header from your MTA and I'll take a shot at it.
    >
    >


    Received line added by my MTA, which is a postfix, would be
    something like:


    Received: from smtp2.mailcluster.com.br (smtp2.mailcluster.com.br
    [209.85.59.204])
    by correio.mydomain.com.br (Postfix) with SMTP id 22CA4138002
    for ; Sun, 15 Jun 2008 21:35:50 -0300 (BRT)


    There's another Received line, which is inserted by the second port
    of postfix, which receives the message AFTER passing amavis ..... but as
    it's added after SA rules, it cant be used. So the Received line that
    could be used to match my needs if the one above.

    If you could help me with the regex, i would be very glad

    --


    Atenciosamente / Sincerily,
    Leonardo Rodrigues
    Solutti Tecnologia
    http://www.solutti.com.br

    Minha armadilha de SPAM, NÃO mandem email
    gertrudes@solutti.com.br
    My SPAMTRAP, do not email it


  10. RE: rule based on time

    > -----Original Message-----
    > From: Leonardo Rodrigues Magalhães [mailto:leolistas@solutti.com.br]
    > Sent: Monday, June 16, 2008 2:52 AM
    > To: ML spamassassin
    > Subject: Re: rule based on time
    >
    >
    >
    > John Hardin escreveu:
    > >
    > > Yes. Write a regex that checks the time from of the Received: header
    > > that your MTA adds.
    > >
    > > Post a sample Received: header from your MTA and I'll take a shot at

    > it.
    > >
    > >

    >
    > Received line added by my MTA, which is a postfix, would be
    > something like:
    >
    >
    > Received: from smtp2.mailcluster.com.br (smtp2.mailcluster.com.br
    > [209.85.59.204])
    > by correio.mydomain.com.br (Postfix) with SMTP id 22CA4138002
    > for ; Sun, 15 Jun 2008 21:35:50 -0300
    > (BRT)


    Try the following, then:

    header NIGTHMARE Received =~ m'by correio\.mydomain\.
    com\.br\s.*\s(?:2[1-3]|0[0-6])(?::[0-9]{2}){2}'
    describe NIGHTMARE Bad things you get during night
    score NIGHTMARE 1.000

    Ciao,

    Giampaolo

    >
    >
    > There's another Received line, which is inserted by the second port
    > of postfix, which receives the message AFTER passing amavis ..... but
    > as
    > it's added after SA rules, it cant be used. So the Received line that
    > could be used to match my needs if the one above.
    >
    > If you could help me with the regex, i would be very glad
    >
    > --
    >
    >
    > Atenciosamente / Sincerily,
    > Leonardo Rodrigues
    > Solutti Tecnologia
    > http://www.solutti.com.br
    >
    > Minha armadilha de SPAM, NÃO mandem email
    > gertrudes@solutti.com.br
    > My SPAMTRAP, do not email it
    >
    >



+ Reply to Thread