[Declude.JunkMail] question about filters

[Joshua Levitsky]

In trying to come up with filters I was thinking of checking for PTRs that end in in-addr.arpa and HELOs that begin with a [  but then it hit me... when one of my users sends mail to another user on the server then the mail is inbound mail and those filters apply to them.. that of course is bad because a Cable or DSL person sending mail would probably have PRTs with in-addr.arpa on them.   Is this a problem because Imail hasn't had a way for declude to tell what is incoming from an authenticated user or am I thinking about the filters in a flawed way? Below is the filter that is a work in progress... perhaps someone could help me make it better or fix my flawed logic... I made this from posts here that I saw people post, and started to mash them together in to one good filter.   64.81.214.120 = mail.joshie.com I bounce from 20 to 39, and delete from 40 up.   # catch attempt to pretend to be us   HELO 11 CONTAINS joshie.com HELO 11 CONTAINS 64.81.214.120 HELO 11 CONTAINS $domain HELO 11 IS  localhost HELO 11 IS  localhost.localdomain HELO 4 STARTSWITH [ REVDNS 4 ENDSWITH .in-addr.arpa   # prevent false positives internally (usually due to # forwarding false positives to correct person)   REVDNS -100 CONTAINS joshie.com   # mail servers with no real name   HELO 8 ENDSWITH 0 HELO 8 ENDSWITH 1 HELO 8 ENDSWITH 2 HELO 8 ENDSWITH 3 HELO 8 ENDSWITH 4 HELO 8 ENDSWITH 5 HELO 8 ENDSWITH 6 HELO 8 ENDSWITH 7 HELO 8 ENDSWITH 8 HELO 8 ENDSWITH 9   # many spams with our name in the mailfrom also contain two asterisks, # never seen it in legit mail   mailfrom 8 contains **