User profile for user: Tony Cox1
Tony Cox1 Author
User level: Level 1
5 points

Help with writing body_checks rules

I was wondering if anyone knew of a good source to refer to for writing body_check rules for Postfix. I am having an issue with a few rules that I have written to block spam, but I am blocking legitimate mail as well - the legitamate mail does not seem to meet the rule's criteria.

Here is an example of my rule:
/NMXC/ REJECT Spam Rule Number 88

I want to block the word or stock id "NMXC" but it is blocking emails that do not contain "NMXC".

Any help would be appreciated.

Thanks,

Tony

Xserve, Mac OS X (10.4.8)

Posted on Feb 5, 2007 8:17 AM

Reply
5 replies
User profile for user: Tony Cox1
Tony Cox1 Author
User level: Level 1
5 points

Feb 16, 2007 6:38 AM in response to Tony Cox1

Since no one responded to this question, I thought that I might change the question up just a little.

In body_checks rules is it neccessary to place the "^" symbol in front of the word or phrase that you are trying to block?

When I have written the rule before, like this:

/Word to Block/ REJECT explanation

The rule blocks emails that do not even include the Word.

As you can imagine, this creates problems. I am hoping that someone on this discussion list can clarify this for me.

Thanks.
Reply
User profile for user: David_x
David_x
User level: Level 4
3,011 points

Feb 17, 2007 3:31 AM in response to Tony Cox1

Since no one responded to this question, I thought
that I might change the question up just a little.

In body_checks rules is it neccessary to place the
"^" symbol in front of the word or phrase that you
are trying to block?


The "^" character matches 'beginning of line', so /^ABC/ would only match when "ABC" is at the beginning of the line.
http://www.unix-manuals.com/refs/regex/regex.htm

The rule blocks emails that do not even include the
Word.


Are you sure it is that rule that is being triggered? Can you post the reject notice?

-david
Reply
User profile for user: Tony Cox1
Tony Cox1 Author
User level: Level 1
5 points

Feb 18, 2007 5:48 PM in response to David_x

I am sure that it is the rule that is being triggered. I list my rule responses as "Spam Rule" and then a line number so that I can keep up with which rules are causing the rejection.

I have disabled most of my Spam Rules for body_checks because I was getting so many false positives.

Jan 15 04:10:10 Macintosh postfix/cleanup[19746]: B5CB910512D3: reject: body HZeppHyAgMCRMAW3A7j/AFYaKEC9RlCAMW6gAh2YgNw0gCsoQCByACDAwQAQAQqwAASwSlcSSjMB from 125.red-213-96-130.staticip.rima-tde.net[213.96.130.125]; from=<ant@suncap.sun.com> to=<classifieds@seminoleherald.com> proto=SMTP helo=<125.Red-213-96-130.staticIP.rima-tde.net>: Spam Rule Number 85

I don't know if this is true junk or not. The log is so old. I had several people who had legitimate mail rejected and when I asked their sender to let me know if it contain the phrase or word that was rejected by Spam Rule Number 85 the response was always no.

Perhaps I need to place a space between my slashes...would that help? In other words make the filter look like this:
/ word toreject / Spam Rule Number 85.

By the way, thanks for responding.
Reply
User profile for user: David_x
David_x
User level: Level 4
3,011 points

Feb 19, 2007 2:21 AM in response to Tony Cox1

It is probably an attachment (in base64) which is triggering the rule. The filter acts purely on the text content and that includes encoded attachments and any other text content (html etc). I note that the postfix docs themselves recommend against this type of general anti-spam filtering both due to their limitations and the potential impact on processing...
http://www.postfix.org/BUILTINFILTERREADME.html

Probably better to spend the time keeping spamassasin rules uptodate (there is a rule for stock market spam) and just accept you will never be 100% effective. The stock market rule is at this site...
http://www.rulesemporium.com/
If you use any of their rules, read the docs. Also, search in this forum for "rulesemporium" and you will see other info on subject.

-david

Email encoding: http://email.about.com/cs/standards/a/mime.htm
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Help with writing body_checks rules

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up