Filtering by word in subject and/or body?

J

Juan Carmona

New Member
Oct 24, 2006
23
0
1
Hi there

Due to an notable increment of spam received we need to make a filter by word(s) at subject and/or body of mail messages. Is it possible? How?

Thanks in advance,

Juan Carmona
 
Last edited:
Sorry Tom! I was thinking in Martin at writing the previous post... Hahahah :D

Best regards and thanks again,

Juan Carmona
 
Filtering mail by words. Is it possible?

Hi guys

After the 1.6 upgrade we continue receiving a kind, specific, of spam with a image inline. We have the OCR active but no way to avoid this mails. Is for that reason I would like to know if there is any capability at Proxmox to filter mails by words in the body.

Thanks in advance,

Juan Carmona
 
Juan Carmona said:
Hi guys

After the 1.6 upgrade we continue receiving a kind, specific, of spam with a image inline. We have the OCR active but no way to avoid this mails. Is for that reason I would like to know if there is any capability at Proxmox to filter mails by words in the body.

Thanks in advance,

Juan Carmona
Click to expand...

Hi juan,

please send me a sample of 10 spam emails which are not catched by your proxmox. Please save the emails in *.eml format and send it in zip file directly to me, t.huber@proxmox.com (we need the complete original header to see whats going on)

please also attach a backup of your proxmox configuration to check the rules.

what is your actual spam detection rate? (how many spam emails are catched, how many not - please count them manually)?

This is the first step, if you really want to try custom filtering, here is short sample. Please use with care, high risk of creating false positives:

log in the console and create a custom.cf file. here is a sample for the word joke.


> nano /etc/mail/spamassassin/custom.cf


body JOKE /joke/i
describe JOKE Contains the word joke
score JOKE 5


> /etc/init.d/proxprox restart

 
Hi Tom

Seems that the Proxmox learning process is getting better as times goes by ;-) The quantity of spam (those wiht images inline) not detected decreased in a few days.

Thanks for your support.

Juan
 
> nano /etc/mail/spamassassin/custom.cf


body JOKE /joke/i
describe JOKE Contains the word joke
score JOKE 5


> /etc/init.d/proxprox restart

Does this only work for one word at a time or can phrases be used?
 
oakleeman said:
> nano /etc/mail/spamassassin/custom.cf


body JOKE /joke/i

Does this only work for one word at a time or can phrases be used?
Click to expand...

You can use the full power of perl regular expressions. Take a look at the following manual pages if you want more info:

> man Mail::Spamassassin::Conf
> man perlre

Also, file /usr/share/spamassassin/20_drugs.cf is a good example to start from (that file is used to detect various drugs). It contains various header and body tests.

- Dietmar
 
This rule refers to the body of the messages, isn't it?
Could it be modified to make it refer to subject?
This way of modifiying/adding rules works with the
free version of Proxmox?

> body JOKE /joke/i
> describe JOKE Contains the word joke
> score JOKE 5

I was aware the free version didn't allow to add more rules,
only modify the existing ones.
 
hi,

albatroz said:
This rule refers to the body of the messages, isn't it?
Could it be modified to make it refer to subject?
This way of modifiying/adding rules works with the
free version of Proxmox?
> body JOKE /joke/i
> describe JOKE Contains the word joke
> score JOKE 5
Click to expand...

yes, custom spamassassin rules works also on free version. but I do not recommend doing this if you are not an expert in regular expressions (see posts above).
albatroz said:

I was aware the free version didn't allow to add more rules,
only modify the existing ones.
Click to expand...

yes, you are right - but rules on the web interface does not refer to custom spamassassin rules.
 
albatroz said:
This rule refers to the body of the messages, isn't it?
Could it be modified to make it refer to subject?
Click to expand...

use a 'header' test instead of 'body' - please take a look at the manual page for a detailed description (man Mail::Spamassassin::Conf):

header JOKE Subject =~ /joke/i
albatroz said:
This way of modifiying/adding rules works with the
free version of Proxmox?
Click to expand...
yes
albatroz said:
> body JOKE /joke/i
> describe JOKE Contains the word joke
> score JOKE 5

I was aware the free version didn't allow to add more rules,
only modify the existing ones.
Click to expand...

You can add arbitrary SA rules. Only the web-based rule system is restricted.

- Dietmar
 
Greetings i am testing the rules and they do not apply:

/etc/mail/spamassassin/custom.cf
Code: 
header          __CHEESE_RULE1    Subject =~ /\bcheese1/i
describe        __CHEESE_RULE1    From header word cheese1
score             __CHEESE_RULE1    40.0

body              __CHEESE_RULE2    /\bcheese1/i
describe        __CHEESE_RULE2    From body word cheese1
score             __CHEESE_RULE2    40.0

The part of the header, no rule on the headers:

Code: 
Subject: This is a cheese1 test
...
X-SPAM-LEVEL: Spam detection results:  0
    BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
    DKIM_SIGNED               0.1 Message has a DKIM or DK signature, not necessarily valid
    DKIM_VALID               -0.1 Message has at least one valid DKIM or DK signature
    DKIM_VALID_AU            -0.1 Message has a valid DKIM or DK signature from author's domain
    DKIM_VALID_EF            -0.1 Message has a valid DKIM or DK signature from envelope-from domain
    FREEMAIL_FROM           0.001 Sender email is commonly abused enduser mail provider (someusertest[at]yahoo.com)
    HTML_IMAGE_ONLY_16      1.092 HTML: images with 1200-1600 bytes of words
    HTML_MESSAGE            0.001 HTML included in message
    KAM_LIVE                    1 blogspot.com & livejournal.com likely spam (Apr 2010)
    RCVD_IN_DNSWL_NONE     -0.0001 Sender listed at https://www.dnswl.org/, no trust
    SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
    SPF_PASS               -0.001 SPF: sender matches SPF record
    T_REMOTE_IMAGE           0.01 Message contains an external image


It is suppose to restart the filter and apply the rules running following cmd line:

systemctl restart pmg-smtp-filter.service

But no success
 
Last edited:
The output is as follow:

Code: 
# spamassassin -D --lint 2>&1 | grep -i failed
Oct 22 13:12:29.822 [22072] dbg: diag: [...] module not installed: Digest::SHA1 ('require' failed)
Oct 22 13:12:29.822 [22072] dbg: diag: [...] module not installed: Net::Patricia ('require' failed)
Oct 22 13:12:29.823 [22072] dbg: diag: [...] module not installed: BSD::Resource ('require' failed)
Oct 22 13:12:31.269 [22072] dbg: config: warning: no description set for KAM_RPTR_FAILED
Oct 22 13:12:32.078 [22072] dbg: rules: CBJ_GiveMeABreak merged duplicates: KAM_IFRAME KAM_RAPTOR KAM_RPTR_FAILED KAM_RPTR_PASSED KAM_RPTR_SUSPECT

I have install the 3 modules by doing:

perl -MCPAN -e shell install CPAN reload cpan install Digest::SHA1 install Net::Patricia install BSD::Resource reload cpan

And now the output is:

Code: 
# spamassassin -D --lint 2>&1 | grep -i failed
Oct 22 13:39:17.784 [31709] dbg: config: warning: no description set for KAM_RPTR_FAILED
Oct 22 13:39:18.330 [31709] dbg: rules: CBJ_GiveMeABreak merged duplicates: KAM_IFRAME KAM_RAPTOR KAM_RPTR_FAILED KAM_RPTR_PASSED KAM_RPTR_SUSPECT

I Have test after the changes and nothing changed:

Subject: This cheese1 is for you
...
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.325 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider (someusertest[at]yahoo.com)
RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust
RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2)
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Click to expand...
 
Last edited:
nano /etc/mail/spamassassin/custom.cf


body rule1 /\bTest3131Test\b/i
score rule1 40

body rule2 /\bTest@@@Test\b/i
score rule2 40

body rule3 /\bTestviagraTest\b/i
score rule3 40

****


systemctl restart pmg-smtp-filter.service


after that any mail containing test@@@test is blocked.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back