Creating a Spamassassin Rule

[aynur.yilmaz]

Hi everyone,

I want to block incoming mails with the title "Reddit".
The rules I wrote below were useless.

root@pmg:/etc/mail/spamassassin# cat custom.cf
header         SENDER_BLOCK    ALL =~ /^Reddit\:/m
score           SENDER_BLOCK    10

or

root@pmg:/etc/mail/spamassassin# cat custom.cf
header         SENDER_BLOCK    From =~ /\bReddit\b/i
score           SENDER_BLOCK    10

Can you help me write the correct rule? Thanks.

 

[hata_ph]

You want rule filter by Subject or From email address?

 

[aynur.yilmaz]

You want rule filter by Subject or From email address?

From email address

 

[hata_ph]

Try What object match field ^.*".*".*<.*>.*$ or ^.*"Reddit|LinkedIn".*<.*>.*$

 

[aynur.yilmaz]

Try What object match field ^.*".*".*<.*>.*$ or ^.*"Reddit|LinkedIn".*<.*>.*$

View attachment 34231

I tried the filters but I still get emails with display names "Reddit" and "LinkedIn".

 

[hata_ph]

Pls provide raw format of the spam mail for checking.

 

[aynur.yilmaz]

Pls provide raw format of the spam mail for checking.

Return-Path: <dean@sdncommunications.com>
Received: from xxx (LHLO xxx)
 (172.16.205.77) by xxx with LMTP; Thu, 10 Feb 2022 21:58:00
 +0300 (EET)
Received: from localhost (localhost [127.0.0.1])
    by xxx (Postfix) with ESMTP id CD03060062E9;
    Thu, 10 Feb 2022 21:58:00 +0300 (+03)
X-Virus-Scanned: amavisd-new at xxx
X-Spam-Flag: YES
X-Spam-Score: 12.732
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.732 required=6.6 tests=[BAYES_99=3.5,
    BAYES_999=0.2, DATE_IN_FUTURE_06_12=1.947, FSL_HELO_NON_FQDN_1=0.001,
    HELO_LOCALHOST=3.828, HTML_FONT_LOW_CONTRAST=0.001,
    HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1,
    NORDNS_LOW_CONTRAST=2.349, NO_DNS_FOR_FROM=0.001, RDNS_NONE=0.793,
    T_SPF_TEMPERROR=0.01] autolearn=no autolearn_force=no
Received: from xxx ([127.0.0.1])
    by localhost (xxx [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id knN3qhNyAhCK; Thu, 10 Feb 2022 21:58:00 +0300 (+03)
Received: from localhost (unknown [103.6.236.43])
    by xxx (Postfix) with ESMTP id 2C3D1600511F
    for <yyy@xxx>; Thu, 10 Feb 2022 21:57:58 +0300 (+03)
Date: Fri, 11 Feb 2022 02:24:40 +0000
To: yyy@xxx
From: Reddit <dean@sdncommunications.com>
Content-Transfer-Encoding: base64
Annihilate-Corrupted-Perilously: 719FB49CAC7
MIME-Version: 1.0
Message-ID: <8a849661ff6-328f1@sdncommunications.com>
Content-Type: text/html; charset=UTF-8
Subject: byers just followed you
X-Zimbra-DL: yyy@xxx

 

[hata_ph]

Based on the spam mail, the from format is Reddit <dean@sdncommunications.com>.

Try this regex ^(Reddit|Linkedin) <.*>.*$

 

[hata_ph]

Based on your spam mail, there is no "Reddit".

From: Reddit <dean@sdncommunications.com>

 

[aynur.yilmaz]

Okay, thanks, successful !!