On 12/3/2022 1:34 a.m., Nikolaos Milas wrote:

...
Also, what should I do to catch (and score) ALL mails with 2 different mail addresses in the From header (regardless of whether there is an encrypted zip attachment or not)?
...

Hi Matus,

Regarding the above, I understand I could probably simply raise the score for the PDS_FROM_2_EMAILS rule in /etc/mail/spamassassin/local.cf, like:

   score PDS_FROM_2_EMAILS 4.0

However, it strikes me that incoming mail like the one I originally referred to, with a header field like:

From: "<John Doe> [email protected]" <[email protected]>

does NOT mention any scoring by this rule:

X-Spam-Status: Yes, score=4.693 tagged_above=-999 required=3.4
    tests=[BAYES_50=0.8, DATE_IN_FUTURE_12_24=3.199, DKIM_SIGNED=0.1,
    DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
    HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MISSING_MID=0.497,
    RCVD_IN_MSPIKE_H2=-0.4, RDNS_NONE=0.793, SPF_HELO_NONE=0.001,
    SPF_PASS=-0.1, TVD_SPACE_RATIO=0.001, URIBL_BLOCKED=0.001]
    autolearn=disabled

Questions:

1. How can I check if this or any other rule is active and what its current score is?

2. Could the PDS_FROM_2_EMAILS be triggered only when the From field contains ONLY two different mail addresses and nothing else? I only found in my quarantine two mails scored with this rule, and they both contained nothing other than two addresses in the From field, whereas the usual case is like the example I wrote above, i.e. there is a name as well. If this is so, how can we write a rule that would catch all other mails which contain "anything plus two different mail addresses"?

Thanks,
Nick
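
The check asked about above ("anything plus two different mail addresses" in From), as an added example that is not part of the original message and is not how SpamAssassin implements PDS_FROM_2_EMAILS. The function names and the sample headers (on `.example` domains) are constructed for illustration; the address regex is a pragmatic matcher, not a full RFC 5322 parser.

```python
import re
from email import message_from_string
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Pragmatic address matcher for detection purposes (assumption: good enough
# for scanning display names; it is not a complete RFC 5322 grammar).
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def decode_value(value):
    """Decode RFC 2047 encoded-words so an address hidden inside an
    encoded display name becomes visible to the regex."""
    try:
        return str(make_header(decode_header(value)))
    except (LookupError, UnicodeError, HeaderParseError):
        return value  # unknown charset or bad encoding: scan the raw value

def distinct_from_addresses(raw_message):
    """Return the distinct, case-folded addresses found anywhere in From,
    whether in the display name or in the angle-bracket address."""
    msg = message_from_string(raw_message)
    found = []
    for value in msg.get_all("From", []):
        for addr in ADDR_RE.findall(decode_value(value)):
            addr = addr.lower()
            if addr not in found:
                found.append(addr)
    return found

def has_two_from_addresses(raw_message):
    """True when From carries at least two different addresses."""
    return len(distinct_from_addresses(raw_message)) >= 2

# Constructed sample messages; none of these come from the thread.
SAMPLES = {
    "name_plus_two": 'From: "<John Doe> john.doe@victim.example" <mailer@other.example>\n\nbody\n',
    "two_only": "From: john.doe@victim.example <mailer@other.example>\n\nbody\n",
    "normal": 'From: "John Doe" <john.doe@victim.example>\n\nbody\n',
    "same_twice": 'From: "john.doe@victim.example" <John.Doe@Victim.example>\n\nbody\n',
    "q_encoded": "From: =?utf-8?q?John_Doe_john.doe=40victim.example?= <mailer@other.example>\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, has_two_from_addresses(raw), distinct_from_addresses(raw))
```

The same address repeated in the display name is deliberately not flagged, since some legitimate senders do that.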
