[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-users
Subject:    Re: Regex rule assistance requested
From:       Matt Kettler <mkettler () evi-inc ! com>
Date:       2004-04-29 21:50:23
Message-ID: 6.0.0.22.0.20040429174457.02991fc8 () 192 ! 168 ! 50 ! 2
[Download RAW message or body]

At 04:42 PM 4/29/2004, Sloan, Craig wrote:
>I have got some spam just squeaking in under the threshold and was examining
>the contents to try to see how to bump them up and over. What I noticed,
>regardless of the contents, sender, etc., the Message-ID had @mx with either
>2 or 3 digits followed by the domain.  (Samples below)
>
>After trying to learn regex in 30 minutes and not getting anywhere, it was
>suggested to post it here (Thanks JC). Any suggestions on a regex to score
>this?
>
>Message-ID: <mrnbdphastcabwykiowl@mx247.BlMonkeyv3.us>
>
>Message-ID: <mzldctpyxhigxfnszeah@mx253.Blue52.biz>
>
>Message-ID: <muyxojlmfyxhroydrkzi@mx30.blindu89.biz>
>
>Message-ID: <gcefrqmfypmhwzyxeidc@mx16.BlMonkeyv3.biz

Something like this should match it pretty well:
header LOCAL_MSGID_PATTERN1     Message-ID 
=~   /[a-z]{20}\@mx\d{1,3}\.\w{4,15}\.\w{2,4}/
score LOCAL_MSGID_PATTERN1 0.01

looking for 20 lower-case letters, followed by "@mx" followed by 1-3 
numbers followed by .domain.tld

I'm running a quick mass-check on it, hit-rates to follow. 

[prev in list] [next in list] [prev in thread] [next in thread]