Score:0

SpamAssassin rule for emails with multiple TO email addresses?


I'm getting pummelled by spammers who are sending emails that don't really score for some reason:

X-Spam-Score: 5
X-Spam-Bar: /
X-Spam-Report: Spam detection software, running on the system "brian2022.newbyhost.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 
 Content preview:  ety ykjebe vehlej ety ykjebe vehlej 
 
 Content analysis details:   (0.5 points, 4.0 required)
 
  pts rule name              description
 ---- ---------------------- ---------------------------------------------
  0.5 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [40.92.21.79 listed in list.dnswl.org]

Part of the problem I think is the content is too small:

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<style type=3D"text/css" style=3D"display:none;"> P {margin-top:0;margin-bo=
ttom:0;} </style>
</head>
<body dir=3D"ltr">
<div style=3D"font-family: Calibri, Arial, Helvetica, sans-serif; font-size=
: 12pt; color: rgb(0, 0, 0);">
ety ykjebe vehlej </div>
</body>
</html>

(it then has an attachment, which I guess would have a link to their site - but I've dared open it!)

One of the things I'm hoping I can filter on is when there are (for example) 5 or more people in the To: column. I've tried looking online to see if an existing rule exists for this, but have come up empty.

Is this even possible?

Score:0

OK so technically this doesn't answer my question, but it does work for what I need with the same end-game. I realised I could add in a rule to my /etc/exim4/exim4.conf.template file, which would reject any emails that have too many "to" addresses:

  deny     message = Too many recipients
         condition = ${if >{ ${listcount:${addresses:$h_To:,$h_Cc:}} }{5} {yes}{no}}

This now works exactly how I want, and they bounce with:

SMTP error from remote mail server after pipelined end of data:
550 Too many recipients

Hopefully this helps someone else trying to achieve the same thing.
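An added example, not part of the original answer: a small Python checker that applies the same test as the ACL condition above (count the addresses in To: and Cc:, deny when the count is greater than 5), so the threshold can be tried against saved messages before it starts rejecting mail. The sample messages and function names are constructed for illustration; it also shows why the addresses are parsed rather than split on commas.

```python
from email import message_from_string
from email.utils import getaddresses

LIMIT = 5  # the ACL denies when the To:/Cc: address count is greater than this


def headers_to_cc(raw):
    """Return every To: and Cc: header value from a raw message."""
    msg = message_from_string(raw)
    return msg.get_all("To", []) + msg.get_all("Cc", [])


def recipient_count(raw):
    """Addresses in To: and Cc:, parsed as address lists (not comma-split)."""
    return sum(1 for _name, addr in getaddresses(headers_to_cc(raw)) if addr)


def naive_comma_count(raw):
    """Comma-splitting, for comparison: miscounts quoted display names."""
    return sum(h.count(",") + 1 for h in headers_to_cc(raw))


def verdict(raw):
    """Mirror the ACL: deny only when the count exceeds LIMIT."""
    return "deny" if recipient_count(raw) > LIMIT else "accept"


# Constructed sample messages; all addresses are placeholders.
SIX = ("From: sender@example.net\n"
       "To: a@example.com, b@example.com, c@example.com,\n"
       " d@example.com\n"
       "Cc: e@example.com, f@example.com\n"
       "Subject: test\n\nbody\n")
FIVE = SIX.replace(", f@example.com", "")
QUOTED = ('From: sender@example.net\n'
          'To: "Smith, John" <john@example.com>, "Doe, Jane" <jane@example.com>,\n'
          ' "Roe, Rick" <rick@example.com>\n'
          'Subject: test\n\nbody\n')

if __name__ == "__main__":
    for name, raw in (("six", SIX), ("five", FIVE), ("quoted", QUOTED)):
        print(name, recipient_count(raw), naive_comma_count(raw), verdict(raw))
```

With the condition written as greater than 5, a message with exactly five recipients is accepted and six is the first count that is denied. The quoted-name sample has three recipients, which a comma count would report as six.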
