Hi,
Due to your HOP setting you are checking multiple hops.
Ok, that was the intent.
Since you use a multihop setting you should score the hops differently
or run into problems like you identified.
That's one way of handling it.
I would suggest reducing it to 1. This will score the
Hop 0 is the MTA delivering to your MTA - Hop 0 is NOT your MTA, i.e.
(sender-MUA)--(sender MTA)--(Your MTA)--(Your MUA)
(Hop 1)---(Hop 0)---(No HOP)(No Hop)
The reason to use Hop 0 and HopHigh 1 is to pick up a spammer MUA or MTA which is sending
or relaying through a clean MTA.
Hi Everyone -
It's hit and miss, but today I received several of the small zip files. A
quick glance and they were either txt files or .exe files. All were between
5-25K in size.
How is everyone else handling these? I was almost wondering if there is a
way to say (in general terms) IF file
Sure. You could create a Declude combo filter like that. Put a size test
before the custom filter in your global.cfg, add the tests the message fails
to incoming message headers, and in the custom combo filter look for the
size test failure warning in the headers, and look for the zip file in
I'm looking at another whitelist, but this one deosn't seem to use the IP4R
format (reversed dotted quad). It's a spanish whitelist, and its instructions
can be viewed at http://www.rediris.es/abuses/eswl/en/
Is there another test type that can be used in Declude to implement this (other
than
