• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 339
  • Last Modified:

Help Creating rule for blocking greeting card emails

I am new to spamassassin and am trying to create a rule to block the greating card spam, I found the below rule on the internet somewhere and am not having any luck making this work.

body hrefIP /\<a href=.?http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/(\?.*)?/
score hrefIP 500
describe hrefIP IP

also I am assuming I am supposed to put this in the local.cf file. if I should put it in a different location please let me know.
  • 3
1 Solution
The KAM rules are quite good at detecting greeting card spam. It is updated multiple times a week so worth writing a small script to keep it updated.
Just download the file from the URL above and save it in the same directory where local.cf is.

Try this :-
body hrefIP /\<a href=.?http:\/\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\//

The / character should always be escaped (i.e a \ placed infront)
Also (\?.*)? does not make sense. It matches a question mark followed by any text or nothing at all. Since the rule does not have to match an entire line this part of the rule has no effect.
Also a neater way to write the rule would be to use \d to match a digit instead of [0-9].
Also since an IP address is 1 to 3 digits long it is worth restricting the rule to that to reduce the chance of any false positives.

body hrefIP /\<a href=.?http:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\//
One small error. It should be :-

body hrefIP /\<a href=.?http:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\//i

The 'i' at the end signals that a case insensitive match should be used.
battalionAuthor Commented:
thanks for the help grblades your solution worked perfectly

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now