[Rspamd-Users] multimap and header lines
Achim Lammerts
ml-rspamd at syntaxys.de
Mon Nov 18 19:15:40 UTC 2024
Hi Valentijn,
for some days I have had a similar problem with forwarded spam from Google
mailing lists, and I solved it by matching a specific header:
multimap.conf:

NOTACCEPTABLE {
  type = "header";
  header = "X-sender";
  map = "/tmp/headerblock.map";
  regexp = true;
  action = "reject";
  message = "no thanks";
}

headerblock.map:

/.*fc9822d6-c227-4fb2-a50a-c86656e68129.*yes.*/iX

Guess this should work, but it's not tested. Give it a try 😉
You'll find more info about the regexp functionality of rspamd here:
https://rspamd.com/doc/modules/regexp.html
Regards
Achim
On 18.11.24 at 17:34, Valentijn Sessink wrote:
> Hi List,
>
> I wanted to just match one header; but wanted to be able to add more
> headers if necessary. Now my question is: what is the correct way of
> matching a single header line, from start to end?
>
> I now have: multimap.conf
> NOTACCEPTABLE { type = "content"; filter = "headers";
> map = "/tmp/headerblock.map"; regexp = true; action = "reject";
> message = "no thanks"; }
>
> With headerblock.map saying:
> /(*ANYCRLF)(^|\R)X-fc9822d6-c227-4fb2-a50a-c86656e68129: yes\R/
>
> which pretty much matches a regular e-mail that has a header
> X-fc9822d6-c227-4fb2-a50a-c86656e68129: yes
>
> ... but it still doesn't seem to match a <CR><LF> header. Yeah I know
> that SMTP has strict CRLF rules, but I also know that there's no real
> penalty.
>
> So:
> - what is the correct way to match a specific header line from beginning
> to end?
> Subquestions:
> - are headers normalized, when multimap kicks in?
> - does the PCRE clause (*ANYCRLF) do anything? Should I leave that out?
>
> BTW the header I'm actually trying to block is
> X-sender: postmaster at salesforce.com ;-)
>
> V.
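
An offline harness for checking a header pattern before it goes into a map, added here as an example and not part of either post. It models the two strategies from this thread in Python (one regex over the raw header text versus a start-to-end match on the parsed header value) and is not rspamd's implementation; the sample messages are constructed, and because Python's `re` has no `\R` the line breaks are spelled out.

```python
import re
from email import message_from_bytes
from email.policy import default

# Constructed sample messages: the same header with CRLF endings, bare-LF
# endings, folded onto a continuation line, and as a near miss.
HDR = b"X-fc9822d6-c227-4fb2-a50a-c86656e68129"
SAMPLES = {
    "crlf":   b"From: a@example.org\r\n" + HDR + b": yes\r\nSubject: t\r\n\r\nbody\r\n",
    "lf":     b"From: a@example.org\n" + HDR + b": yes\nSubject: t\n\nbody\n",
    "folded": b"From: a@example.org\r\n" + HDR + b":\r\n yes\r\nSubject: t\r\n\r\nbody\r\n",
    "near":   b"From: a@example.org\r\n" + HDR + b": yes please\r\n\r\nbody\r\n",
}

# Raw-text strategy: header name, ": yes", then any of CRLF, LF or CR.
RAW_RE = re.compile(rb"(?:^|\r\n|\n|\r)" + re.escape(HDR) + rb": yes(?:\r\n|\n|\r)")

def raw_match(msg: bytes) -> bool:
    """Search the raw header block with one regex (the thread's first approach)."""
    head = re.split(rb"\r?\n\r?\n", msg, maxsplit=1)[0] + b"\n"
    return RAW_RE.search(head) is not None

def value_match(msg: bytes, name: str, pattern: str) -> bool:
    """Parse first, then match each unfolded value of `name` from start to end."""
    parsed = message_from_bytes(msg, policy=default)
    rx = re.compile(pattern, re.IGNORECASE)
    return any(rx.fullmatch(str(v).strip()) for v in parsed.get_all(name, []))

def compare() -> dict:
    """Return {sample: (raw_match, value_match)} for every constructed sample."""
    name = HDR.decode()
    return {k: (raw_match(m), value_match(m, name, r"yes")) for k, m in SAMPLES.items()}

if __name__ == "__main__":
    for sample, result in compare().items():
        print(sample, result)
```

The folded sample is the one that separates the two strategies: the raw regex misses it, while the parsed-value match does not depend on line endings or folding.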