Menu
Reply
  • 3.47K
  • 111
  • 417
VMCopperUser
Trouble shooter
488 Views
Message 1 of 8
Flag for a moderator

REGEX Filter - Fully Working?

My REGEX filter

ow\.ly

The Rule.. 

Condition: 
Body, REGEX, ow\.ly
Action:
File into, Select Folder, Spam

The Email I got.

Spoiler
Return-Path: <bounce+dcb514.7ce50b-john.feeley1=ntlworld.com@mg.pellpax.co.uk>
Delivered-To: *REMOVED*@ntlworld.com
Received: from md6.tb.ukmail.iss.local ([212.54.59.70])
	by mc60.tb.ukmail.iss.local with LMTP id +K/lJqmASFw1aQAADOOQZg
	for <*REMOVED*@ntlworld.com>; Wed, 23 Jan 2019 15:56:41 +0100
Received: from smtpclienthelo ([212.54.59.70])
	by md6.tb.ukmail.iss.local with LMTP id gPRvIKmASFyABQAACKiK/Q
	; Wed, 23 Jan 2019 15:56:41 +0100
Authentication-Results: ukmail.iss.as9143.net;
 spf=softfail (3.122.222.195;mg.pellpax.co.uk);
 dkim=none (nosigs);
 dmarc=none header.from=sysprem.com (dis=no_record);
X-Env-Mailfrom: bounce+dcb514.7ce50b-john.feeley1=ntlworld.com@mg.pellpax.co.uk
X-Env-Rcptto: *REMOVED*@ntlworld.com
X-SourceIP: 3.122.222.195
X-CNFS-Analysis: v=2.3 cv=R+t95uZX c=1 sm=1 tr=0
 a=NQx/jVScG8LROY06YLJBfQ==:117 a=NQx/jVScG8LROY06YLJBfQ==:17
 a=ID_p04AoAAAA:20 a=b8_XFNuTAAAA:20 a=zS5SlfW2AAAA:20 a=0l_kue-9AAAA:20
 a=zfpgQUVK0F1DPDTJmokA:9 a=L03L2QfmqWoA:10 a=bCM2JLPhg1R6AXhwjVo2:22
 a=Z5ABNNGmrOfJ6cZ5bIyy:22 a=UDnyf2zBuKT2w-IlGP_r:22
Received: from lookafter1.info ([3.122.222.195])
	by mx3.mnd.ukmail.iss.as9143.net with ESMTP
	id mJxEgGv6lxSgYmJxJg98o1; Wed, 23 Jan 2019 15:56:41 +0100
Message-Id: <.oLfS9XliWcRX@oLfS9XliWcRX>
MIME-Version: 1.0
Subject: Looking For Love in All The Right Places
From: Asia Charm<contact_@sysprem.com>
Reply-to: reply@lookafter1.info
To: *REMOVED*@ntlworld.com
X-Originating-IP:172.31.44.168
Content-Type: text/html;
Content-Disposition: inline
Date: Wed, 23 Jan 2019 13:55:14 +0000
X-CMAE-Envelope: MS4wfF4bOOEVj6jVtD13wDLGzeMj0b6s+64Cubqs5wvSx7Zcc5RaXpLP4znt1espxoUMTRx3WFnhcu/qZCNx0sg2LdpfKFS6eJ8cY2X9/11UNGaj+AuO9dlo
 LYbtcQCo/dbvuHskBK5fA3uh3SUF9RJYf86K2Rv6w4EWJA1m5C0tnyKflhAVKSTn2brn1Sd+IZU9013ZWOm10m/dWnrngL2U3jX7FMv1eFy89rCeuwFwC6vQ

<script> 
vVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLevVsWcpciRzgACePotnBOIFgSfVtoSXhoTzlVPndGNjgpnWDHjfvRKBKPxddpbkDUKPPzcTgPcmfqjIYtOulyWVntYrJZCnUmcJLe 
</script> 
<center><P style="text-align: center;"> 
<html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/> </head><center>
<center>
<a href="http://ow.ly/SdyS30nngeq"><img src="http://ow.ly/dlLE30nngeo"></a><br/><a href="http://ow.ly/yam630nnges"><img src="http://ow.ly/Cb3f30nnger"></a><br/>
</center>

If I send a test email with a ow.ly link in the body then it gets flagged and moved to junk, yay... But the ones from the spammers seem to be making it through.  It's also slightly laughable that if I try to forward the exact email back to myself to test it, the VM servers block it as spam.

Full Disclosure, I have about 20 conditions (REGEX is last), and it is set at the top to "apply if any condition is met".

Just wondering if I am doing something wrong here, or if I am better making a new rule or, or, or?

----
I do not work for VM, but I would. It is just a Job.
Most things I say I make up and sometimes it's useful, don't be mean if it's wrong.
I would also make websites for them, because the job never seems to require the website to work.
0 Kudos
Reply
  • 4.73K
  • 319
  • 795
Roger_Gooner
Superstar
479 Views
Message 2 of 8
Flag for a moderator

Re: REGEX Filter - Fully Working?

Does it make a difference if you use this:

^ow\.ly$

--
Hub 3.0, TP-Link Archer C8, TP-Link TL-SG1008D 8-port gigabit switch, V6
My Broadband Ping - Roger's VM Broadband Connection
0 Kudos
Reply
  • 3.47K
  • 111
  • 417
VMCopperUser
Trouble shooter
477 Views
Message 3 of 8
Flag for a moderator

Re: REGEX Filter - Fully Working?


@Roger_Gooner wrote:

Does it make a difference if you use this:

^ow\.ly$


 

Just tried again.

If I send a mail from myself (usa domain), have a ow.ly link in it then my original filter works.

^ow\.ly$ doesn't seem to catch it.  Seems odd it can catch my test emails, but not the actual spam ones ;(… 

----
I do not work for VM, but I would. It is just a Job.
Most things I say I make up and sometimes it's useful, don't be mean if it's wrong.
I would also make websites for them, because the job never seems to require the website to work.
0 Kudos
Reply
  • 3.76K
  • 403
  • 1.34K
Very Insightful Person
Very Insightful Person
434 Views
Message 4 of 8
Flag for a moderator

Re: REGEX Filter - Fully Working?

Your regular expression is correct for matching a string that contains the pattern ow.ly; no idea why it would not have worked for the spam message shown in your post.

BTW Virgin Media's spam filters are handling that spam message correctly now by sending it directly to the Spam folder, are you seeing that as well?

0 Kudos
Reply
  • 3.47K
  • 111
  • 417
VMCopperUser
Trouble shooter
411 Views
Message 5 of 8
Flag for a moderator

Re: REGEX Filter - Fully Working?

It all seems to be working now, perhaps I needed to give it time to be applied everywhere?

 

In regards to the spam message I was getting, it's odd.

I was sending it from a different address (both under my main account) and it was generating an error message telling me my email was spam.  Kinda neat, Kinda odd.. With the REGEX filter removed it wasn't give the spam error :/…. Saying that, perhaps me moving those mails into spam causes the system to build a index of that email that gets applied globally?.. 

An error occurred while sending mail. The mail server responded:  552 5.7.0 SPAM Content Found (VM603) nAt7gsS6ovyZpnAt7gWPRT. Please check the message and try again.

Anyhow, thanks for the feedback guys.  I do fear something legit will come with "ow.ly", but searching a few thousand emails says I have never had it before so not going to worry about it too much.

----
I do not work for VM, but I would. It is just a Job.
Most things I say I make up and sometimes it's useful, don't be mean if it's wrong.
I would also make websites for them, because the job never seems to require the website to work.
0 Kudos
Reply
  • 3.47K
  • 111
  • 417
VMCopperUser
Trouble shooter
378 Views
Message 6 of 8
Flag for a moderator

Re: REGEX Filter - Fully Working?

I thought this was fixed, but it seems not.

Will just leave it for now, but it looks like the REGEX filter doesn't work.

----
I do not work for VM, but I would. It is just a Job.
Most things I say I make up and sometimes it's useful, don't be mean if it's wrong.
I would also make websites for them, because the job never seems to require the website to work.
0 Kudos
Reply
  • 2
  • 0
  • 0
braden09
Settling in
310 Views
Message 7 of 8
Flag for a moderator

Re: REGEX Filter - Fully Working?

I notice you have

@sysprem. in your email. I like do many other people are being driven mad by numerous spam coming through as
-*AsianFeels*-<contact_@sysprem.com>. Could you advise on how best to deal with these?
 
0 Kudos
Reply
  • 3.76K
  • 403
  • 1.34K
Very Insightful Person
Very Insightful Person
307 Views
Message 8 of 8
Flag for a moderator

Re: REGEX Filter - Fully Working?

0 Kudos
Reply