Print Page | Close Window

Regex Keyword Filter on Subject

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
Printed Date: 17 July 2018 at 11:00pm

Topic: Regex Keyword Filter on Subject
Posted By: caratking
Subject: Regex Keyword Filter on Subject
Date Posted: 03 April 2006 at 12:40am

These home loan, and chase bank emails are really getting to me.

I started doing some regex keywords to stop these, and found some samples for subject keyword filters on this forum.

My test messages get stopped, but the real spam do not.

For example, this one just got past:

From: "Hubert Hendrix" < - >
MIME-Version: 1.0
Subject: Looking to ReFi or a Home Equity Loan?

This filter should have caught it, right?


I don't see what I'm doing wrong, any help would be appreciated. I'm assuming the (?i) makes it case insensitive.

Posted By: Desperado
Date Posted: 04 April 2006 at 1:27pm


If you are trying to block that subject, I would have done:


But it is not much different than yours.  (?i) forces no case checking with the glitch that I believe case is determined by your servers "locale" settings so if you are using a non standard locale, there *may* be some very obscure issue (not that I can think of any).

The Desperado
Dan Seligmann.

Posted By: caratking
Date Posted: 05 April 2006 at 7:26pm

I just can't get this subject filtering to work... 

I changed the filters to try and simplify things, this is a sample one:


The SPAM just keep coming through, here is an example of one (of hundreds) that slipped past overnight.

Microsoft Mail Internet Headers Version 2.0
x-fsavag4mse-ts: 82436ceb892a1995
Received: from ([]) by with Microsoft SMTPSVC(5.0.2195.6713); Thu, 6 Apr 2006 05:06:07 +0900
Received: from webs3 ([]) by with Microsoft SMTPSVC(5.0.2195.6713); Thu, 6 Apr 2006 05:06:07 +0900
Content-Transfer-Encoding: 8bit
Received: from by (LogSat Software SMTP Server) Thu, 6 Apr 2006 05:06:06 +0900
Received: (from mailto:tomcat@localhost - tomcat@localhost ) by (8.12.8/8.12.8/Submit) id j3CHmn0V755004 for - ; Wed, 05 Apr 2006 15:05:51 -0600
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
Message-ID: < mailto:170m690m.3591989@ - 170m690m.3591989@ >
Date: Wed, 05 Apr 2006 15:05:51 -0600
From: "Ignacio Wells" < - >
X-Mailer: MIME-tools 5.494 (Entity 5.289)
MIME-Version: 1.0
To: < - >
Cc: < - >
X-Spam-Score:  (-2.705) BAYES_00
X-Scanned-By: MIMEDefang 2.52 on
X-Scanned-By: SpamAssassin 3.103692, File::Scan 0.05, Archive::Zip 1.66
X-Recipient: < - >
Subject: Mortagge ratee approvedd
Content-Type: multipart/related;
X-Server: LogSat Software SMTP Server - Unlicensed Evaluation Copy
X-SF-RX-Return-Path: < - >
X-SF-WhiteListedReason: Whitelisted EMail Address To
Return-Path: < - >
X-OriginalArrivalTime: 05 Apr 2006 20:06:07.0097 (UTC) FILETIME=[5FE46E90:01C658EC]

Content-Type: text/html;
Content-Transfer-Encoding: 7bit

Content-Type: image/gif;
Content-Transfer-Encoding: base64
Content-ID: < - >
Content-Disposition: inline;



Posted By: Desperado
Date Posted: 05 April 2006 at 7:30pm

Hmmm .. do you have ScanReceivedHeaders=1 in your ini file?

The Desperado
Dan Seligmann.

Posted By: caratking
Date Posted: 05 April 2006 at 7:32pm

I believe I have found the problem, it is not specifically related to the keyword filters.

After pasting the above header, I noticed Spam Filter ISP inserted this:

X-SF-WhiteListedReason: Whitelisted EMail Address To

The above SPAM was sent to two people, forum & jteditor.  The jteditor account is whitelisted (they were complaining about false positives - so they get whitelisted). 

Problem is, the forum email goes through because one of the people the message was for is whitelisted.

If someone sends the spam to 5 users, and one of them is whitelisted the other four people will get the message.

This seems like a possible bug to me.

This explains why my test messages were getting blocked, and the real spam gets through...

Posted By: sgeorge
Date Posted: 06 April 2006 at 4:47pm
caratking, I agree with you, I think that one whitelisted recipient shouldn't make everyone else receive the email as well.  While that is a problem, I found a work-around that should provide the correct functionality:
  • Add the following line to your AutoWhiteListForceDelivery.txt file and save:
  • remove jteditor's email address from the "Unfiltered Emails" tab in Spam
As I test this on version (Unregistered), this work-around gives me the result that you were expecting from it.

Thanks again for your help with AuthTo lists,


Print Page | Close Window