Closed rickygm closed 5 years ago
I'd do something like this...
mimeheader __MIME_WORDOREXCEL Content-Type =~ /msword|excel/i
header __RELAYCOUNTRY_SPAMMY X-Relay-Countries=~/^(RU|CN)/i
meta WORDEXCEL_SPAMMYCOUNTRY __MIME_WORDOREXCEL && __RELAYCOUNTRY_SPAMMY
describe WORDEXCEL_SPAMMYCOUNTRY Spammy country and word/excel file
score WORDEXCEL_SPAMMYCOUNTRY 1.0
This doesn't include my plugin mind you - to add the additional detection:
meta OLEMACRO_SPAMMYCOUNTRY OLEMACRO && __RELAYCOUNTRY_SPAMMY
describe OLEMACRO_SPAMMYCOUNTRY Spammy country and Office doc with Macro
score OLEMACRO_SPAMMYCOUNTRY 1.0
Note that this isn't the only way - have a look at including dynamic senders metas who send most of this type of spam.
Hi , add the rule to my spamassassin, and I made an attempt from a gmail account, but spamassassin does not add it to the filtering.
mimeheader __MIME_WORDOREXCEL Content-Type =~ /msword|excel/i header __RELAYCOUNTRY_SPAMMY X-Relay-Countries=~/^(RU|CN|AR|AE|CG|FR|IR|KI|PK|AU|BS|BE|BO|BT|AI|AO|BR|KH|CL|CO|CK|CU|DM|EC|US)/i
meta WORDEXCEL_SPAMMYCOUNTRY __MIME_WORDOREXCEL && __RELAYCOUNTRY_SPAMMY describe WORDEXCEL_SPAMMYCOUNTRY Spammy country and word/excel file score WORDEXCEL_SPAMMYCOUNTRY 2.0
meta OLEMACRO_SPAMMYCOUNTRY OLEMACRO && __RELAYCOUNTRY_SPAMMY describe OLEMACRO_SPAMMYCOUNTRY Spammy country and Office doc with Macro score OLEMACRO_SPAMMYCOUNTRY 2.0
see the log https://pastebin.com/bmRq7v7h
thank for you help.
I find some of your spamassassin rules interesting, sorry to write here in issue, but it is possible that you could add a rule for word or excel files from some spammy countries , I currently catalog some countries based on this documentation of spamassassin https://wiki.apache.org/spamassassin/RelayCountryPlugin
thanks for all help.