Hi,

I need a bit help to understand what Im doing wrong. From the BAT book I have tried to reuse 7.3.1 Virus Screening by Subject on FreeBSD 13 with sendmail 8.17.1.

I have created a flat file where I keep some email subjects, called spamsubjects. the content of the file is something like this:

This is a spam REJECT
Another line REJECT

and create a hash out of it using makemap.
makemap -t\tab hash spamsubjects < spamsubjects

Then inside my .mc file I have defined:

LOCAL_CONFIG
Kspamsubdb hash /etc/mail/spamsubjects
HSubject: $>ScreenSubject

LOCAL_RULESETS
SScreenSubject
R $* $: $(spamsubdb $&{currHeader} $: OK $) $1
R REJECT $* $#error $: "553 Subject:" $1 ": Not allowed"

But it does not work. Nothing gets blocked. Any ideas what I am doing wrong?

Thanks,
Stefan

> This is a spam REJECT
> Another line REJECT

In the real file, I have TAB between the spam subject and REJECT.

Stefan Parvu wrote:

> This is a spam REJECT

> makemap -t\tab hash spamsubjects < spamsubjects

> Kspamsubdb hash /etc/mail/spamsubjects
> HSubject: $>ScreenSubject

> SScreenSubject
> R $* $: $(spamsubdb $&{currHeader} $: OK $) $1
> R REJECT $* $#error $: "553 Subject:" $1 ": Not allowed"

> But it does not work. Nothing gets blocked. Any ideas what I am doing wrong?

"It's complicated"

op.txt: {currHeader} ... ``Header value as quoted string''
which means
'a b c'
is represented as
'" a b c "'
BUT for the map lookup the quotes are removed leaving us with:
' a b c'
"interesting", isn't it?

So this should work:
This is a spam REJECT
(space.........tab)

In general it is better to use a regex map to match the values
of "unstructured" headers (non-address fields).

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Thanks for message.

> So this should work:
> This is a spam REJECT
> (space.........tab)

Let me see if I understood you correctly. Are you saying I should reformat my spamsubjects file? Not to use spaces within?
Or

Even If I have a single word like:

MYPATTERN\tabREJECT

won't work

Stefan Parvu wrote:

> > This is a spam REJECT
> > (space.........tab)

What removed the leading space and changed the TAB?

> Let me see if I understood you correctly. Are you saying I should reformat my
> spamsubjects file? Not to use spaces within?

No. The LHS must be (without the quotes):
`` This is a spam''
that is, it has a _leading_ space.

Run something like
sendmail -bs -d38.20 -d39.20
....
to see what's going on (or start a daemon with
-D/tmp/sm.log -d89.9 -d38.20 -d39.20
and send a message through it).

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

> `` This is a spam''
> that is, it has a _leading_ space.

Huh. Got it. 10 x thanks.
It works fine. I will continue experimenting with this.

Thanks again!

> In general it is better to use a regex map to match the values
> of "unstructured" headers (non-address fields).

how could I change and improve the rulesets to use a regex map to match the values from my spam subject file?
Is it difficult? Any pointers?

Right now, Im using something like this:

LOCAL_RULESETS
SScreenSubject
R $* $: $(subdb $&{currHeader} $: OK $) $1
R REJECT $* $#error $: "553 Subject:" $1 ": Not allowed"

Thank you
Stefan

Stefan Parvu wrote:

> how could I change and improve the rulesets to use a regex map to match the
> values from my spam subject file?

You would have to put all of the data into the regex. If you have
many entries or if you change the content often, then it might be
better to use milter-regex so you don't have to restart sendmail
after each change.

Otherwise it's fairly simple: just replace the map definition,
e.g., something like this:
Kspamsubdb regex (This is spam|Another line)

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

> You would have to put all of the data into the regex. If you have
> many entries or if you change the content often, then it might be
> better to use milter-regex so you don't have to restart sendmail
> after each change.

I see. Im not familiar with milter-regex (plugins to sendmail
written in C AFAIK) but probable will just use the basic regex
within the ruleset. Lets see if I can make it happen.

>
> Otherwise it's fairly simple: just replace the map definition,
> e.g., something like this:
> Kspamsubdb regex (This is spam|Another line)

Thanks