spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergio <>
Subject help with a sintax rule appreciated
Date Wed, 09 Jul 2014 04:43:32 GMT
Hi all,
long time not bother you with my doubts, sorry if this has been posted
before and your help is appreciated.

I have been hammered with a lot of spam that comes like this in the from:

Example list:

These are the headers from

Message Headers:Received: from ([]:5780)
     by with esmtp (Exim 4.82)
     (envelope-from <>)
     id 1X4VcB-004Aw1-EW
     for; Tue, 08 Jul 2014 08:39:23 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=LASTAWHDAK.COM
h=Mime-Version:Content-Type:Message-Id:Date:From:To:Subject; i=
Received: by tech.LASTAWHDAK.COM id hnfq3o0001gp for <>;
Tue, 8 Jul 2014 13:18:07 +0000 (envelope-from <AmazonCoupons-user=>)
Mime-Version: 1.0
Content-Type: multipart/alternative;
Message-Id: <
Date: Tue, 8 Jul 2014 13:18:07 +0000
*From: *Amazon Coupons <AmazonCoupons@LASTAWHDAK.COM>
To: user@domain.comt

I have created the following rule, because I thought that I could block any
"From" that includes a domain name with the extensions .com or .net or .org
or .biz before @

header    BLACKLIST_REGEX    From:address =~ /\=.*\.(com|net|org|biz)\@/i
score      BLACKLIST_REGEX    5

But it is not working, the rule is not catching any of the "From" from
above example list.

I have also tried but with no luck:

header    BLACKLIST_REGEX    From =~ /\=.*\.(com|net|org|biz)\@/i
score      BLACKLIST_REGEX    5

So, my question is, Do I have to go and better check for the "Received" ?
Something like:

header    BLACKLIST_REGEX    Received =~ /\\=.*.(com|net|org|biz)\@/i
score      BLACKLIST_REGEX    5

Or if you have a better way on doing this, your advice is appreciated.

Best Regards,


View raw message