[Rspamd-Users] Control rspamd depending on subject content

G.W. Haywood rspamd at jubileegroup.co.uk
Sun Jan 21 12:38:09 UTC 2024


Hi there,

On Sun, 21 Jan 2024, Tino Hendricks wrote:

> I don’t see which of the words in your blacklist_full_content.map would hit the
>>> info reze-ptfrei anfordern
>
> Because the hyphen is at another position every time.

This is the sort of thing I mean when I say "whack-a-mole".

You *can* write a regex which will match the phrase even if random

$ perl -e 'if( "in-fo reze-pt-frei an-for-dern" =~ /i.?n.?f.?o.? .?r.?e.?z.?e.?p.?t.?f.?r.?e.?i.? .?a.?n.?f.?o.?r.?d.?e.?.?r.?n/ ){print "matched\n";}'
matched

punctuation is inserted, and you can even code something which will
take a list of phrases in plain text and generate a bunch of regexes
automatically, but usually the law of diminishing returns will assert
itself.  The malicious actor need only change one of his words, or the
spelling, or the entire phrase - and of course he will - and Mole will
pop up his head somewhere else and you'll have to change your regexes.

Better to try to find something else which identifies the messages.

As I said earlier there are usually things in the headers which can
give you a way to identify unwanted mail.

-- 

73,
Ged.
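The generator mentioned in the message above (plain-text phrases in, punctuation-tolerant regexes out), as an added example that is not part of the original post or of Rspamd. It uses a narrower filler than the `.?` in the one-liner, so only non-alphanumeric characters count as inserted punctuation. The function names, the benign and respelled sample subjects, and the `/pattern/i` output form are assumptions.

```python
import re

FILLER = r"[\W_]?"        # at most one non-alphanumeric character between letters
WORD_GAP = r"[\W_]{1,3}"  # one to three separator characters between words

# Constructed sample data: the phrase and subjects quoted in this thread,
# plus one benign subject and one respelled variant.
PHRASES = ["info rezeptfrei anfordern"]
SUBJECTS = [
    "in-fo reze-pt-frei an-for-dern",
    "info reze-ptfrei anfordern",
    "Information zum Rezept anfordern",
    "info rezeptfrey anfordern",
]


def phrase_to_regex(phrase):
    """Return a pattern that matches phrase with punctuation inserted."""
    words = phrase.lower().split()
    if not words:
        raise ValueError("empty phrase")
    parts = [FILLER.join(re.escape(ch) for ch in word) for word in words]
    return r"\b" + WORD_GAP.join(parts) + r"\b"


def compile_rules(phrases):
    """Map each plain-text phrase to its compiled, case-insensitive regex."""
    return {p: re.compile(phrase_to_regex(p), re.IGNORECASE) for p in phrases}


def first_hit(subject, rules):
    """Return the phrase whose regex matches subject, or None."""
    for phrase, rx in rules.items():
        if rx.search(subject):
            return phrase
    return None


if __name__ == "__main__":
    rules = compile_rules(PHRASES)
    for phrase in PHRASES:
        # /pattern/i is an assumed map line format, not taken from the thread.
        print("/%s/i" % phrase_to_regex(phrase))
    for subject in SUBJECTS:
        print("%-34s -> %s" % (subject, first_hit(subject, rules)))
```

The respelled subject in the last sample line is not matched, which is the limit of this approach that the message describes.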

