[Rspamd-Users] Regex in Multimap does not work

Gerald Galster list+rspamd at gcore.biz
Tue Nov 30 14:33:24 UTC 2021


> so why do these expressions not match the following line
> 
> Subject: Re:
> 
> /Subject: Re:\z/ MY_OWN_SYMBOL:8
> or
> /Subject: Re:$/ MY_OWN_SYMBOL:8
> or
> /^Subject: Re:$/ MY_OWN_SYMBOL:8
> 
> the following applies, but also if there is something after Re:
> 
> /Subject: Re:/ MY_OWN_SYMBOL:8

Try: /Subject: Re:\r?\n/ MY_OWN_SYMBOL:8

You have defined:

MY_OWN_SYMBOL {
  type = "content";
  filter = "headers";
  ...
}

Type "content" with filter "headers" returns "undecoded headers".

If I remember correctly, e-mail headers contain 7-bit ASCII only,
which means there cannot be umlauts (ä, ö, ...), emoticons, etc.,
and headers containing those must be encoded (like Quoted-Printable
or Base64, see https://datatracker.ietf.org/doc/html/rfc2045#section-6.7).

Some spammers do encode headers that way even if there are no umlauts.
That way filters like the one you defined will not match.

Also, header lines can be wrapped if they are too long (multiline)
and therefore might not match.

Moreover, lines in SMTP end with \r\n (carriage return and
new line). That's why I suggested the \r? above.

It might be less troublesome to use a configuration like this:

type = "header";
header = "Subject";
regexp = true;

Best regards
Gerald
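
Added example, not part of the original message and not Rspamd code: a Python sketch of the difference between matching the undecoded header block and matching the decoded Subject value. The sample messages and function names are constructed for illustration, and Python's re module stands in for Rspamd's regex engine as an assumption.

```python
import re
from email import message_from_bytes, policy

# Constructed sample messages (not taken from the thread).
PLAIN = b"From: a@example.org\r\nSubject: Re:\r\nTo: b@example.org\r\n\r\nbody\r\n"
# Same subject sent as an RFC 2047 encoded-word (Base64 of "Re:").
ENCODED = b"From: a@example.org\r\nSubject: =?UTF-8?B?UmU6?=\r\nTo: b@example.org\r\n\r\nbody\r\n"
# Subject with text after "Re:", which must not match.
WITH_TEXT = b"From: a@example.org\r\nSubject: Re: invoice\r\n\r\nbody\r\n"

# Patterns applied to the raw, undecoded header block.
RAW_PATTERNS = {
    "dollar": re.compile(rb"Subject: Re:$"),      # fails: "\r\n" follows "Re:"
    "crlf": re.compile(rb"Subject: Re:\r?\n"),    # accounts for the line ending
}
# Pattern applied to the decoded value of the Subject header only.
DECODED_PATTERN = re.compile(r"^Re:$")


def raw_headers(msg: bytes) -> bytes:
    """Return the undecoded header block, keeping the CRLF line endings."""
    head, _, _ = msg.partition(b"\r\n\r\n")
    return head + b"\r\n"


def match_raw(msg: bytes) -> dict:
    """Run every raw pattern against the undecoded header block."""
    block = raw_headers(msg)
    return {name: bool(p.search(block)) for name, p in RAW_PATTERNS.items()}


def match_decoded_subject(msg: bytes) -> bool:
    """Parse the message, decode the Subject header, then match its value."""
    parsed = message_from_bytes(msg, policy=policy.default)
    subject = str(parsed["Subject"] or "")
    return bool(DECODED_PATTERN.search(subject))


if __name__ == "__main__":
    for label, msg in (("plain", PLAIN), ("encoded", ENCODED), ("with text", WITH_TEXT)):
        print(label, match_raw(msg), match_decoded_subject(msg))
```

The CRLF-aware raw pattern matches only the plain message, while the decoded-header match catches both the plain and the encoded-word form and still rejects a subject with text after "Re:".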


