[Rspamd-Users] Control rspamd depending on subject content
Tino Hendricks
t.hendricks at interpool.de
Sun Jan 21 15:04:08 UTC 2024
Guys, you are gold! 🤩
Thanks a bunch!
> Am 21.01.2024 um 13:38 schrieb G.W. Haywood <rspamd at jubileegroup.co.uk>:
>
> Hi there,
>
> On Sun, 21 Jan 2024, Tino Hendricks wrote:
>
>> I don’t see which of the words in your blacklist_full_content.map would hit the
>>>> info reze-ptfrei anfordern
>>
>> Because the hyphen is at another position every time.
>
> This is the sort of thing I mean when I say "whack-a-mole".
>
> You *can* write a regex which will match the phrase even if random
>
> $ perl -e 'if( "in-fo reze-pt-frei an-for-dern" =~ /i.?n.?f.?o.? .?r.?e.?z.?e.?p.?t.?f.?r.?e.?i.? .?a.?n.?f.?o.?r.?d.?e.?.?r.?n/ ){print "matched\n";}'
> matched
>
> punctuation is inserted, and you can even code something which will
> take a list of phrases in plain text and generate a bunch of regexes
> automatically, but usually the law of diminishing returns will assert
> itself. The malicious actor need only change one of his words, or the
> spelling, or the entire phrase - and of course he will - and Mole will
> pop up his head somewhere else and you'll have to change your regexes.
>
> Better to try to find something else which identifies the messages.
>
> As I said earlier there are usually things in the headers which can
> give you a way to identify unwanted mail.
>
> --
>
> 73,
> Ged.
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users
More information about the Users
mailing list