2

I want to match this pattern in my spamassassin's filtering rules:

Password archivio: 666


Per conto di:

There is a space after di: and the number can be of undefined digits. in my custom.cf I have created this rule

body CUSTOM_SPAM_RULE   /Password\sarchivio:\s\d+\n\n\nPer\sconto\sdi:\s/
score CUSTOM_SPAM_RULE  99.9
describe CUSTOM_SPAM_RULE       Regola di spam custom

I have checked the regex with an online tool and is working, you can check it here https://regex101.com/r/O3BfDK/1 but I have no hits in my mail gateway, the server side configuration is working cause if I change the rule to a simple regex like \test\ and send an email with a body containing test, I can clearly watch the hits. So, what I'm missing?

silvered.dragon
  • 407
  • 1
  • 7
  • 19

1 Answers1

2

ok found it in official spamassassin's documentation

Rawbody rules Rawbody rules allow you to search the body of the email without certain kinds of preprocessing that SA normally does before trying body rules. In particular HTML tags won't be stripped and line breaks will still be present. This allows you to create rules searching for HTML tags or HTML comments that are signs of spam or nonspam, or particular patterns of line-break.

so the correct rule becomes

rawbody CUSTOM_SPAM_RULE   /Password\sarchivio:\s\d+\n\n\nPer\sconto\sdi:\s/
score CUSTOM_SPAM_RULE  99.9
describe CUSTOM_SPAM_RULE       Regola di spam custom
silvered.dragon
  • 407
  • 1
  • 7
  • 19
  • I have a similar filter and it does not work. It is as if the regex would not run at all. It is not clear either if it is a multiline regex or not, I mean with m flag it should cover the \n with \s. I am not sure either if I can use flags or not. – inf3rno Jul 08 '22 at 09:14
  • On an online regex testing tool it matches. I have no idea what's wrong, in theory everything is properly set. :S – inf3rno Jul 08 '22 at 09:21
  • Turned out I have to set it on GUI without // and flags. It is global, multiline and ignorecase by default. – inf3rno Jul 08 '22 at 09:27