1

I'm trying to catch the hoax domain name invoices I receive for my various websites. These emails have the subject line: [domain] Final Notice. I've added this rule to local.cf (other rules I've added are OK) ---

header LOCAL_DOMAINSCAM  Subject =~ /(domain1|domain2|domain3)\.(com|net|org|com\.au) Final Notice/i
score  LOCAL_DOMAINSCAM 5
describe  LOCAL_DOMAINSCAM  Hoax domain name renewal notice

But it's not working. What am I doing wrong?

user1883957
  • 29
  • 2

3 Answers3

0

Have you restarted spamassassin since you added the rule?

service spamassassin restart

Tony
  • 1
  • 1
  • Yes, I did that. And checked mail.info to be sure that the restart was successful. And other rules I've added to local.cf are working as expected. – user1883957 Oct 17 '19 at 01:42
0

Running it through the regex101.com regex tester it looks like you need to remove the \ before the first dot.

header LOCAL_DOMAINSCAM  Subject =~ /(domain1|domain2|domain3)\.(com|net|org|com\.au) Final Notice/i
score  LOCAL_DOMAINSCAM 5
describe  LOCAL_DOMAINSCAM  Hoax domain name renewal notice
Tony
  • 1
  • 1
  • Thanks for the suggestion; but I actually tested the expression there first. The expression correctly matches the target subject lines. An unescaped dot matches *any* character. The dot is escaped because I need to match an actual dot. – user1883957 Oct 18 '19 at 19:50
0

You need to allow user rules if that's in a personal area; local.cf should contain this line:

allow_user_rules 1

This shouldn't be a problem if your rule definition is itself in SpamAssassin's local.cf and you've restarted the spamd instance you're running (or whatever daemon you're using).

You also should verify that SpamAssassin is loading your rule properly (run spamassassin -D < /path/to/test/message.eml > ~/log 2>&1 and then check your ~/log file to ensure it's loading the rule.

Adam Katz
  • 14,455
  • 5
  • 68
  • 83