Add header rule problem - SpamAssassin

This is a discussion on Add header rule problem - SpamAssassin ; Hello, I have been trying to add simple rule. # eset header ESET_SP X-Eset-AntiSpam =~ /^SPAM/ describe ESET_SP Marked by Eset score ESET_SP 0.1 It s the header: X-Eset-AntiSpam: SPAM;95;calc;2008-08-11 15:13:18;0808111513189668;B18F It doesn`t work. I have tried: header ESET_SP Subject ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Add header rule problem

  1. Add header rule problem


    Hello,
    I have been trying to add simple rule.
    # eset
    header ESET_SP X-Eset-AntiSpam =~ /^SPAM/
    describe ESET_SP Marked by Eset
    score ESET_SP 0.1

    It s the header: X-Eset-AntiSpam: SPAM;95;calc;2008-08-11
    15:13:18;0808111513189668;B18F

    It doesn`t work.

    I have tried:
    header ESET_SP Subject =~ /^SPAM/
    describe ESET_SP Marked by Eset
    score ESET_SP 0.1

    and in Subject was written: SPAM;95;calc;2008-08-11
    15:13:18;0808111513189668;B18F .
    It works.

    I`m confused. What s wrong.
    Thanks in advance. Filip
    --
    View this message in context: http://www.nabble.com/Add-header-rul...p18939249.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  2. Re: Add header rule problem


    > From: mezcal
    > Date: Tue, 12 Aug 2008 00:22:55 -0700 (PDT)
    > To:
    > Subject: Add header rule problem
    >
    >
    > Hello,
    > I have been trying to add simple rule.
    > # eset
    > header ESET_SP X-Eset-AntiSpam =~ /^SPAM/
    > describe ESET_SP Marked by Eset
    > score ESET_SP 0.1



    Looks ok what does lint say?
    When you run spamassassin on that message with debug, what does it day?
    Also, don't do both at the same time.


    --
    Michael Scheidell, CTO
    >|SECNAP Network Security

    Winner 2008 Network Products Guide Hot Companies
    FreeBSD SpamAssassin Ports maintainer

    __________________________________________________ _______________________
    This email has been scanned and certified safe by SpammerTrap(r).
    For Information please see http://www.spammertrap.com
    __________________________________________________ _______________________


  3. Re: Add header rule problem


    Thanks for your replay.
    spamassassin --lint says nothing

    spamassassin -D
    [19740] dbg: logger: adding facilities: all
    [19740] dbg: logger: logging level is DBG
    [19740] dbg: generic: SpamAssassin version 3.1.9
    [19740] dbg: config: score set 0 chosen.
    [19740] dbg: util: running in taint mode? yes
    [19740] dbg: util: taint mode: deleting unsafe environment variables,
    resetting PATH
    [19740] dbg: util: PATH included '/usr/kerberos/sbin', keeping
    [19740] dbg: util: PATH included '/usr/kerberos/bin', keeping
    [19740] dbg: util: PATH included '/usr/local/sbin', keeping
    [19740] dbg: util: PATH included '/usr/local/bin', keeping
    [19740] dbg: util: PATH included '/sbin', keeping
    [19740] dbg: util: PATH included '/bin', keeping
    [19740] dbg: util: PATH included '/usr/sbin', keeping
    [19740] dbg: util: PATH included '/usr/bin', keeping
    [19740] dbg: util: PATH included '/root/bin', which doesn't exist, dropping
    [19740] dbg: util: final PATH set to:
    /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    [19740] dbg: message: ---- MIME PARSER START ----
    [19740] dbg: message: main message type: text/plain
    [19740] dbg: message: parsing normal part
    [19740] dbg: message: added part, type: text/plain
    [19740] dbg: message: ---- MIME PARSER END ----
    [19740] dbg: dns: is Net:NS::Resolver available? yes
    [19740] dbg: dns: Net:NS version: 0.59

    spamassassin -t message says:
    1.7 SUBJECT_ENCODED_TWICE Subject: MIME encoded twice
    3.5 SUBJ_RUSS_CHAR has Russian char encoding
    0.1 ESET_SP marked by Eset
    2.2 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
    IP)
    3.8 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
    2)
    1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
    0.0 HTML_MESSAGE BODY: HTML included in message
    3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99%
    [score: 0.9761]
    2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
    address
    [84.126.250.89 listed in dnsbl.sorbs.net]
    1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    [Blocked - see
    ]
    3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
    [84.126.250.89 listed in sbl-xbl.spamhaus.org]
    It works.

    But the other messages have not "0.1 ESET_SP marked by Eset"
    in header.

    Is it possible that this rule works but it isn`t written in header?



    Michael Scheidell wrote:
    >
    >
    >> From: mezcal
    >> Date: Tue, 12 Aug 2008 00:22:55 -0700 (PDT)
    >> To:
    >> Subject: Add header rule problem
    >>
    >>
    >> Hello,
    >> I have been trying to add simple rule.
    >> # eset
    >> header ESET_SP X-Eset-AntiSpam =~ /^SPAM/
    >> describe ESET_SP Marked by Eset
    >> score ESET_SP 0.1

    >
    >
    > Looks ok what does lint say?
    > When you run spamassassin on that message with debug, what does it day?
    > Also, don't do both at the same time.
    >
    >
    > --
    > Michael Scheidell, CTO
    >>|SECNAP Network Security

    > Winner 2008 Network Products Guide Hot Companies
    > FreeBSD SpamAssassin Ports maintainer
    >
    > __________________________________________________ _______________________
    > This email has been scanned and certified safe by SpammerTrap(r).
    > For Information please see http://www.spammertrap.com
    > __________________________________________________ _______________________
    >
    >


    --
    View this message in context: http://www.nabble.com/Add-header-rul...p18940151.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  4. Re: Add header rule problem

    mezcal wrote:
    > Hello,
    > I have been trying to add simple rule.
    > # eset
    > header ESET_SP X-Eset-AntiSpam =~ /^SPAM/
    > describe ESET_SP Marked by Eset
    > score ESET_SP 0.1
    >
    > It s the header: X-Eset-AntiSpam: SPAM;95;calc;2008-08-11
    > 15:13:18;0808111513189668;B18F
    >

    Quick suggestion to try:

    X-Eset-AntiSpam =~ /^\s*SPAM/


    This will match any excessive whitespace before the word "SPAM".

    If that doesn't work, you might want to try a much simpler rule that
    will be a sure-fire match:

    header ESET_SP X-Eset-AntiSpam =~ /SPAM/
    describe ESET_SP Marked by Eset
    score ESET_SP 0.1

    header ESET_EXISTS X-Eset-AntiSpam =~ /^SPAM/
    describe ESET_EXISTS Seen by Eset
    score ESET_EXISTS 0.1

    Those will help you test to make sure SA even sees the X-Eset-AntiSpam header at all.


    As always, be sure to run a spamassassin --lint, to make sure it says nothing, and if you're using spamd (or an API level tool like MailScanner) be sure to restart it. (or do your tests using spamassassin on the command line, which will read the whole config without using spamd at all)


  5. Re: Add header rule problem


    Hello,
    thanks for your sugesstions.
    spamassassin works in commad line so I think it isn`t syntax problem of the
    config file. I restarted server. I updated SpamAssassin to verison 3.2.4.
    The spamd doesn`t work. I`m not spamassassin specialist. Maybe it`s a bug.


    Matt Kettler-3 wrote:
    >
    > mezcal wrote:
    >> Hello,
    >> I have been trying to add simple rule.
    >> # eset
    >> header ESET_SP X-Eset-AntiSpam =~ /^SPAM/
    >> describe ESET_SP Marked by Eset
    >> score ESET_SP 0.1
    >>
    >> It s the header: X-Eset-AntiSpam: SPAM;95;calc;2008-08-11
    >> 15:13:18;0808111513189668;B18F
    >>

    > Quick suggestion to try:
    >
    > X-Eset-AntiSpam =~ /^\s*SPAM/
    >
    >
    > This will match any excessive whitespace before the word "SPAM".
    >
    > If that doesn't work, you might want to try a much simpler rule that
    > will be a sure-fire match:
    >
    > header ESET_SP X-Eset-AntiSpam =~ /SPAM/
    > describe ESET_SP Marked by Eset
    > score ESET_SP 0.1
    >
    > header ESET_EXISTS X-Eset-AntiSpam =~ /^SPAM/
    > describe ESET_EXISTS Seen by Eset
    > score ESET_EXISTS 0.1
    >
    > Those will help you test to make sure SA even sees the X-Eset-AntiSpam
    > header at all.
    >
    >
    > As always, be sure to run a spamassassin --lint, to make sure it says
    > nothing, and if you're using spamd (or an API level tool like MailScanner)
    > be sure to restart it. (or do your tests using spamassassin on the command
    > line, which will read the whole config without using spamd at all)
    >
    >
    >
    >
    >
    >
    >
    >


    --
    View this message in context: http://www.nabble.com/Add-header-rul...p18958663.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  6. Re: Add header rule problem

    mezcal wrote:
    > Hello,
    > thanks for your sugesstions.
    > spamassassin works in commad line so I think it isn`t syntax problem of the
    > config file. I restarted server. I updated SpamAssassin to verison 3.2.4.
    > The spamd doesn`t work. I`m not spamassassin specialist. Maybe it`s a bug.
    >


    Well, if "spamassassin" works on the command line, have you tried spamc
    on the command line? That will test if spamd is doing the right thing or
    not.

    In general, what's your setup for calling SA when mail is delivered?


  7. Re: Add header rule problem


    It s my mistake. :blush:

    It was caused by my spam delivery setup. I thought that nod32 was first and
    spamfilter was second.
    The spamfilter tested emails which were not tagged by nod32.

    Thanks for all.


    Matt Kettler-3 wrote:
    >
    > mezcal wrote:
    >> Hello,
    >> thanks for your sugesstions.
    >> spamassassin works in commad line so I think it isn`t syntax problem of
    >> the
    >> config file. I restarted server. I updated SpamAssassin to verison
    >> 3.2.4.
    >> The spamd doesn`t work. I`m not spamassassin specialist. Maybe it`s a
    >> bug.
    >>

    >
    > Well, if "spamassassin" works on the command line, have you tried spamc
    > on the command line? That will test if spamd is doing the right thing or
    > not.
    >
    > In general, what's your setup for calling SA when mail is delivered?
    >
    >
    >


    --
    View this message in context: http://www.nabble.com/Add-header-rul...p18963506.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


+ Reply to Thread