spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Hardin <jhar...@impsec.org>
Subject Re: Preventing duplicated matches
Date Sat, 21 Oct 2017 20:19:25 GMT
On Sat, 21 Oct 2017, Kevin A. McGrail wrote:

> Neat idea.

Potentially...

> On October 21, 2017 8:37:41 AM EDT, RW <rwmaillists@googlemail.com> wrote:
>> On Sat, 21 Oct 2017 13:09:24 +0200
>> Matus UHLAR - fantomas wrote:
>>
>>> On 21.10.17 07:45, Pedro David Marco wrote:
>>>> is there any way to avoid duplicated matches when tflag is set to
>>>> "multiple"?

Can you provide a concrete example of *why* you would want to set "tflags 
multiple" in the first place if you do not want duplicate/multiple 
matches for that rule?

The only plausible scenario I can see for this is to override the behavior 
of base rules having "tflags multiple" set. That's done for a reason, and 
turning off the multiple-hits behavior will break those rules.

You may be able to achieve that by setting "tflags maxhits=1" for that 
rule...

>>> that's the whole point of multiple. you can limit it to some number by 
>>> "maxhits" option.

...as suggested by Matus.

If you don't want the score to multiply, then put the "tflags multiple" on 
a __subrule, and score a meta that checks the number of hits exceeds some 
minimum. There are rules like that in the base ruleset and the 
documentation if you want examples of how to do it.

>> I think that the question was about counting the distinct strings, so
>> if you got the matches:
>>
>>  "Spam", "Sausage", "Spam", "Egg", "Spam"
>>
>> it would count as 3 rather than 5.
>>
>> This would be useful, but AFAIK it's not possible.

I *think* I understand that - one hit counted for "Spam", one for 
"Sausage" and one for "Egg"? Right now it doesn't capture the matches, 
that would need to change. As KAM said, open a bugzille new feature 
request, ideally with a useful example.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  205 days since the first commercial re-flight of an orbital booster (SpaceX)

Mime
View raw message