SpamAssassin Custom Rules not working

max046

New Member
Feb 26, 2024
I'm trying to add a rule that would block all incoming letters that have a link or hyperlink in the body of the letter in the form
https://reprievefamily.org/absio/chosenmopol/?login=user@domain.local
To do this, I made a rule in custom.cf:

Code:
body URL_BLOCK /https?:\/\/[^\s"<]+@[dD][oOG][mA][iI][nN]\.[lL][oO][cC][aA][lL]\b/
describe URL_BLOCK "Blocked message containing URL with @domain.local"
score URL_BLOCK 20.0
Then I run spamassassin -D --lint
and then pmgconfig sync --restart 1
But when you try to send a letter that contains the link https://reprievefamily.org/absio/chosenmopol/?login=user@domain.local, the URL_BLOCK score is not applied:
Code:
2024-11-14T15:37:03.455424+03:00 164-vm-pmg01 postfix/smtpd[14729]: connect from forward100a.mail.yandex.net[178.154.239.83]
2024-11-14T15:37:03.517489+03:00 164-vm-pmg01 postfix/smtpd[14729]: 7E38E5C38D4: client=forward100a.mail.yandex.net[178.154.239.83]
2024-11-14T15:37:03.536889+03:00 164-vm-pmg01 postfix/cleanup[14631]: 7E38E5C38D4: message-id=<164731731587797@mail.yandex.ru>
2024-11-14T15:37:03.539105+03:00 164-vm-pmg01 postfix/qmgr[858]: 7E38E5C38D4: from=<user46@yandex.ru>, size=2312, nrcpt=1 (queue active)
2024-11-14T15:37:03.539319+03:00 164-vm-pmg01 postfix/smtpd[14729]: disconnect from forward100a.mail.yandex.net[178.154.239.83] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
2024-11-14T15:37:03.592599+03:00 164-vm-pmg01 pmg-smtp-filter[14829]: 5C38DB6735EEEF8E8BF: new mail message-id=<164731731587797@mail.yandex.ru>#012
2024-11-14T15:37:08.545683+03:00 164-vm-pmg01 pmg-smtp-filter[14829]: 5C38DB6735EEEF8E8BF: SA score=0/5 time=4.897 bayes=undefined autolearn=disabled hits=AWL(0.212),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),DMARC_PASS(-0.1),FREEMAIL_ENVFROM_END_DIGIT(0.25),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),HTML_MIME_NO_HTML_TAG(0.635),MIME_HTML_ONLY(0.1),RCVD_IN_MSPIKE_H3(0.001),RCVD_IN_MSPIKE_WL(0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),URIBL_DBL_BLOCKED_OPENDNS(0.001)
2024-11-14T15:37:08.547368+03:00 164-vm-pmg01 pmg-smtp-filter[14829]: 5C38DB6735EEEF8E8BF: added disclaimer (rule: External Sender Warning)
2024-11-14T15:37:08.548078+03:00 164-vm-pmg01 pmg-smtp-filter[14829]: 5C38DB6735EEEF8E8BF: added disclaimer (rule: External Sender Warning Withelist)
2024-11-14T15:37:08.550260+03:00 164-vm-pmg01 postfix/smtpd[14322]: connect from localhost[127.0.0.1]
2024-11-14T15:37:08.551427+03:00 164-vm-pmg01 postfix/smtpd[14322]: 868CD5C38E8: client=localhost[127.0.0.1], orig_client=forward100a.mail.yandex.net[178.154.239.83]
2024-11-14T15:37:08.596387+03:00 164-vm-pmg01 postfix/cleanup[14511]: 868CD5C38E8: message-id=<164731731587797@mail.yandex.ru>
2024-11-14T15:37:08.598793+03:00 164-vm-pmg01 postfix/qmgr[858]: 868CD5C38E8: from=<user46@yandex.ru>, size=5001, nrcpt=1 (queue active)
2024-11-14T15:37:08.599115+03:00 164-vm-pmg01 postfix/smtpd[14322]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
2024-11-14T15:37:08.599375+03:00 164-vm-pmg01 pmg-smtp-filter[14829]: 5C38DB6735EEEF8E8BF: accept mail to <user@domain.local> (868CD5C38E8) (rule: default-accept)
2024-11-14T15:37:08.602782+03:00 164-vm-pmg01 pmg-smtp-filter[14829]: 5C38DB6735EEEF8E8BF: processing time: 5.015 seconds (4.897, 0.04, 0)
2024-11-14T15:37:08.603425+03:00 164-vm-pmg01 postfix/lmtp[4202]: 7E38E5C38D4: to=<user@domain.local>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.1, delays=0.05/0/0.04/5, dsn=2.5.0, status=sent (250 2.5.0 OK (5C38DB6735EEEF8E8BF))
2024-11-14T15:37:08.603650+03:00 164-vm-pmg01 postfix/qmgr[858]: 7E38E5C38D4: removed
2024-11-14T15:37:08.807845+03:00 164-vm-pmg01 postfix/smtp[13805]: 868CD5C38E8: to=<user@domain.local>, relay=127.0.0.1[127.0.0.1]:225, delay=0.26, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 <164731731587797@mail.yandex.ru> [InternalId=16192026708248, Hostname=HOST] 6326 bytes in 0.136, 45,145 KB/sec Queued mail for delivery)
2024-11-14T15:37:08.808192+03:00 164-vm-pmg01 postfix/qmgr[858]: 868CD5C38E8: removed

I don't understand what's wrong. Help please
 
As said a few times in the forum - in general we recommend against creating custom rules, as they can be hard to get right and/or they might cause performance issues.

In this case:
URIBL_DBL_BLOCKED_OPENDNS(0.001)
checking the getting started guide (and potentially setting up a dedicated resolver as explained in a page linked from there):
https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway
is probably the better alternative.


/https?:\/\/[^\s"<]+@[dD][oOG][mA][iI][nN]\.[lL][oO][cC][aA][lL]\b/
The regular expression does not match - specifically `[dD][oOG][mA][iI][nN]` would match domin, doain, but not domain ([mA]). Also, you can add an 'i' after the last / to make the match case-insensitive IIRC.

I hope this helps!
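
The mismatch discussed in the reply can be reproduced outside the mail gateway. The following is an added example, not part of the original posts: it uses Python's `re` module as a stand-in for SpamAssassin's Perl regex engine (these particular patterns use only syntax common to both), and `FIXED` is an assumed correction based on the reply's case-insensitive suggestion.

```python
import re

# The URL from the post, used as the test input.
SAMPLE_URL = "https://reprievefamily.org/absio/chosenmopol/?login=user@domain.local"

# Pattern exactly as posted in custom.cf (without the surrounding slashes).
POSTED = r'https?:\/\/[^\s"<]+@[dD][oOG][mA][iI][nN]\.[lL][oO][cC][aA][lL]\b'
# Assumed correction: literal host name, meant to be used with the /i modifier.
FIXED = r'https?:\/\/[^\s"<]+@domain\.local\b'


def matches(pattern, text, ignore_case=False):
    """True if the pattern is found anywhere in text."""
    flags = re.IGNORECASE if ignore_case else 0
    return re.search(pattern, text, flags) is not None


def host_classes(pattern):
    """Bracket classes between '@' and the escaped dot, in order."""
    host = pattern.split("@", 1)[1].split(r"\.", 1)[0]
    return re.findall(r"\[[^\]]+\]", host)


def first_mismatch(pattern, word):
    """Pair each class with one character of word and return
    (index, class, char) for the first class that rejects its
    character, or None if every class accepts."""
    for i, (cls, ch) in enumerate(zip(host_classes(pattern), word)):
        if not re.fullmatch(cls, ch):
            return i, cls, ch
    return None


if __name__ == "__main__":
    print("posted rule matches:", matches(POSTED, SAMPLE_URL))
    print("classes for 'domain':", len(host_classes(POSTED)), "of", len("domain"))
    print("first mismatch:", first_mismatch(POSTED, "domain"))
    print("fixed rule matches:", matches(FIXED, SAMPLE_URL, ignore_case=True))
    # Constructed variants: upper-case host, and a longer host that must not hit.
    print(matches(FIXED, SAMPLE_URL.upper().replace("HTTPS", "https"), True))
    print(matches(FIXED, SAMPLE_URL + "host", True))
```

In `custom.cf` the corrected pattern would be written between slashes with a trailing `i`. SpamAssassin also has a `uri` rule type that matches against links extracted from the message rather than the rendered body text.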
 
