Spam not filtered through custom rule

[xazer]

Hello,

can someone point me to the problem why for example this mail:

Feb 28 02:10:01 mailgw postfix/smtpd[999799]: connect from mail.neos.north-kazakhstan.su[77.87.212.22]
Feb 28 02:10:01 mailgw postfix/smtpd[999799]: AA668C00CF: client=mail.neos.north-kazakhstan.su[77.87.212.22]
Feb 28 02:10:01 mailgw postfix/cleanup[999804]: AA668C00CF: message-id=<00404177B88052254I73740062U28021146W@olhumbs>
Feb 28 02:10:01 mailgw postfix/smtpd[999799]: disconnect from mail.neos.north-kazakhstan.su[77.87.212.22] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Feb 28 02:10:01 mailgw postfix/qmgr[827748]: AA668C00CF: from=<olhumbs@neos.north-kazakhstan.su>, size=76725, nrcpt=1 (queue active)
Feb 28 02:10:02 mailgw pmg-smtp-filter[996669]: C0EF463FD5469EEFF3: new mail message-id=<00404177B88052254I73740062U28021146W@olhumbs>#012
Feb 28 02:10:03 mailgw pmg-smtp-filter[996669]: C0EF463FD5469EEFF3: SA score=1/5 time=1.615 bayes=undefined autolearn=disabled hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HTML_IMAGE_ONLY_08(1.781),HTML_IMAGE_RATIO_02(0.001),HTML_MESSAGE(0.001),HTML_SHORT_LINK_IMG_1(0.139),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_TVD_MIME_EPI(0.01),URIBL_BLOCKED(0.001)
Feb 28 02:10:03 mailgw postfix/smtpd[999809]: connect from ip6-localhost[127.0.0.1]
Feb 28 02:10:03 mailgw postfix/smtpd[999809]: AC720C2D79: client=ip6-localhost[127.0.0.1], orig_client=mail.neos.north-kazakhstan.su[77.87.212.22]
Feb 28 02:10:03 mailgw postfix/cleanup[999804]: AC720C2D79: message-id=<00404177B88052254I73740062U28021146W@olhumbs>
Feb 28 02:10:03 mailgw postfix/qmgr[827748]: AC720C2D79: from=<olhumbs@neos.north-kazakhstan.su>, size=77880, nrcpt=1 (queue active)
Feb 28 02:10:03 mailgw pmg-smtp-filter[996669]: C0EF463FD5469EEFF3: accept mail to <xyz@xyz.de> (AC720C2D79) (rule: default-accept)

is not filtered and quarantined by this rule and regex?




I can't find the problem here.

 

[djheiks]

Hi xazer,

can you test this

.*([0-9a-z|-]+\.)[0-9a-z|-]+\.(su)+

kind regards
djheiks

 

[xazer]

Hi xazer,

can you test this

.*([0-9a-z|-]+\.)[0-9a-z|-]+\.(su)+

kind regards
djheiks

Yes, it worked thank you.

Mar 2 18:43:32 mailgw postfix/smtpd[1072015]: connect from mail.jostalles.azerbaijan.su[62.173.154.168]
Mar 2 18:43:32 mailgw postfix/smtpd[1072015]: 211C7C0139: client=mail.jostalles.azerbaijan.su[62.173.154.168]
Mar 2 18:43:32 mailgw postfix/cleanup[1072019]: 211C7C0139: message-id=<23538108S31474215T62113432N36211820M@eycupxc>
Mar 2 18:43:32 mailgw postfix/smtpd[1072015]: disconnect from mail.jostalles.azerbaijan.su[62.173.154.168] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Mar 2 18:43:32 mailgw postfix/qmgr[1010045]: 211C7C0139: from=<eycupxc@jostalles.azerbaijan.su>, size=204147, nrcpt=1 (queue active)
Mar 2 18:43:33 mailgw pmg-smtp-filter[1068144]: C01DB6400E0450EF55: new mail message-id=<23538108S31474215T62113432N36211820M@eycupxc>#012
Mar 2 18:43:34 mailgw pmg-smtp-filter[1068144]: C01DB6400E0450EF55: SA score=1/5 time=1.567 bayes=undefined autolearn=disabled hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HTML_IMAGE_ONLY_08(1.781),HTML_IMAGE_RATIO_02(0.001),HTML_MESSAGE(0.001),HTML_SHORT_LINK_IMG_1(0.139),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_TVD_MIME_EPI(0.01),URIBL_BLOCKED(0.001)
Mar 2 18:43:34 mailgw pmg-smtp-filter[1068144]: C01DB6400E0450EF55: moved mail for <zzzzz@zzzzzz.de> to spam quarantine - BFD996400E046BA033 (rule: Sketchy TLDs)