Hello, All, I have a situation that I was hoping to get some feedback on. We have an e-mail user who is using our spam filtering service. They have a domain name setup with an outside e-mail hosting provider and all of the e-mail that is sent to that domain name gets forwarded over to his account that is hosted with us. Because of this forwarding all domains which are defined in our "spam domains" list get flagged as coming from the wrong mail server and weight is added on to the message pushing it over the "hold weight" even though if the message would've been delivered directly to us it would've been fine. (See below involving MINDSPRING.COM)
Unless there's a more better way to to do this involving a different type of test, and please tell me if there is, I would like to create a FILTER that looks for a certain string and subtracts a few points based on that string. So far my the sum total of my experience with filter is using MAILFROM as my "location" in the filter. Based on the header information below, what would be the best "location" to use in my filter and what would be the best string to search for in that location? Are BODY, HEADERS, HELO, MAILFROM, REMOTEIP, REVDNS, ALLRECIPS and SUBJECT the only locations available for use in a filter? Since I'm basically making this exception for just one situation (unless others come up later) I would like to use the solution that adds the last amount of additional overhead to the spam-filtering system. Thanks For Your Feedback! Dan Geiser [EMAIL PROTECTED] P.S.: Some Names Have Been Changed to Protect the Innocent ==================================== Received: from extremehosting.com [64.106.222.10] by danstitleagency.com.com (SMTPD32-6.06) id A7C83A700F4; Thu, 02 Oct 2003 09:27:36 -0400 Received: (qmail 8871 invoked by uid 89); 2 Oct 2003 13:27:37 -0000 Delivered-To: [EMAIL PROTECTED] Received: (qmail 8852 invoked from network); 2 Oct 2003 13:27:34 -0000 Received: from stork.mail.pas.earthlink.net (207.217.120.188) by 64.106.222.242 with SMTP; 2 Oct 2003 13:27:34 -0000 Received: from user-0cdv5be.cable.mindspring.com ([24.223.149.110] helo=JohnDoe) by stork.mail.pas.earthlink.net with asmtp (Exim 3.33 #1) id 1A53TP-0000ia-00 for [EMAIL PROTECTED]; Thu, 02 Oct 2003 06:26:27 -0700 Message-ID: <[EMAIL PROTECTED]> Reply-To: "John Doe" <[EMAIL PROTECTED]> From: "John Doe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: topic Date: Thu, 2 Oct 2003 09:23:15 -0400 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0038_01C388C6.CF556C50" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-ELNK-Trace: 097c147a6b3c29b49649176a89d694c0f43c108795ac4507ebfb9684c58d7b9521d979922ded d6f1350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-RBL-Warning: SPAMDOMAINS: Spamdomain '@mindspring.com' found: Address of [EMAIL PROTECTED] sent from invalid mail.extremehosting.com. X-Declude-Sender: [EMAIL PROTECTED] [64.106.222.10] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: IPNOTINMX, WEIGHT05, WEIGHT07, WEIGHT08, WEIGHT09, WEIGHT10, WEIGHTRANGE05-39, WEIGHTRANGE07-39, WEIGHTRANGE08-39, WEIGHTRANGE09-39, WEIGHTRANGE10-39, WEIGHTRANGE05-49, WEIGHTRANGE07-49, WEIGHTRANGE08-49, WEIGHTRANGE09-49, WEIGHTRANGE10-49, SPAMDOMAINS [10] ==================================== ----------------------------------------------------------------------- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
