> I would like to hear from anybody who has experience with filtering
> by the X-Mailer header. In going through my logs, the following look
> like they are consistently used for spam.
I don't know if you dropped those all into lower-case or not (I'm
guessing you did), but it is a common spammer technique to try--and,
incredibly, fail!--to simulate the x-Mailer: headers of traditional
MUAs. This should be a no-brainer for them, but...some seem to have
very little upstairs. As a result, when they mangle the header, their
mangled version in turn becomes filterable. The catch is that the
errors are subtle enough (capitalization, version numbering) that you
definitely need to do a case-sensitive search and really know what's
legitimately out there first. Rather than reinventing the wheel, you
can check out on-line and/or install the SpamAssassin standard rules,
which contain several examples of erroneous x-Mailer: impersonation.
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
