Help Creating rule for blocking greeting card emails

Posted on 2007-08-06
Last Modified: 2013-12-09
I am new to spamassassin and am trying to create a rule to block the greating card spam, I found the below rule on the internet somewhere and am not having any luck making this work.

body hrefIP /\<a href=.?http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/(\?.*)?/
score hrefIP 500
describe hrefIP IP

also I am assuming I am supposed to put this in the file. if I should put it in a different location please let me know.
Question by:battalion
    LVL 36

    Expert Comment

    The KAM rules are quite good at detecting greeting card spam. It is updated multiple times a week so worth writing a small script to keep it updated.
    Just download the file from the URL above and save it in the same directory where is.

    Try this :-
    body hrefIP /\<a href=.?http:\/\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\//

    The / character should always be escaped (i.e a \ placed infront)
    Also (\?.*)? does not make sense. It matches a question mark followed by any text or nothing at all. Since the rule does not have to match an entire line this part of the rule has no effect.
    LVL 36

    Expert Comment

    Also a neater way to write the rule would be to use \d to match a digit instead of [0-9].
    Also since an IP address is 1 to 3 digits long it is worth restricting the rule to that to reduce the chance of any false positives.

    body hrefIP /\<a href=.?http:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\//
    LVL 36

    Accepted Solution

    One small error. It should be :-

    body hrefIP /\<a href=.?http:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\//i

    The 'i' at the end signals that a case insensitive match should be used.

    Author Comment

    thanks for the help grblades your solution worked perfectly

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Operating system developers such as Microsoft ( and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
    Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now