[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-users
Subject: Re: Regex rule assistance requested
From: Matt Kettler <mkettler () evi-inc ! com>
Date: 2004-04-29 21:50:23
Message-ID: 6.0.0.22.0.20040429174457.02991fc8 () 192 ! 168 ! 50 ! 2
[Download RAW message or body]
At 04:42 PM 4/29/2004, Sloan, Craig wrote:
>I have got some spam just squeaking in under the threshold and was examining
>the contents to try to see how to bump them up and over. What I noticed,
>regardless of the contents, sender, etc., the Message-ID had @mx with either
>2 or 3 digits followed by the domain. (Samples below)
>
>After trying to learn regex in 30 minutes and not getting anywhere, it was
>suggested to post it here (Thanks JC). Any suggestions on a regex to score
>this?
>
>Message-ID: <mrnbdphastcabwykiowl@mx247.BlMonkeyv3.us>
>
>Message-ID: <mzldctpyxhigxfnszeah@mx253.Blue52.biz>
>
>Message-ID: <muyxojlmfyxhroydrkzi@mx30.blindu89.biz>
>
>Message-ID: <gcefrqmfypmhwzyxeidc@mx16.BlMonkeyv3.biz
Something like this should match it pretty well:
header LOCAL_MSGID_PATTERN1 Message-ID
=~ /[a-z]{20}\@mx\d{1,3}\.\w{4,15}\.\w{2,4}/
score LOCAL_MSGID_PATTERN1 0.01
looking for 20 lower-case letters, followed by "@mx" followed by 1-3
numbers followed by .domain.tld
I'm running a quick mass-check on it, hit-rates to follow.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic