"Loren Wilton" <[EMAIL PROTECTED]> writes:
> (You do need at least {28,29} to make it work.)
Hmm... the rule submission used {28}.
> This one is almost too easy. The Message-ID is always 28 or 29
> uppercase alpha characters ending in either AA or AB, followed by a
> dot, followed by the complete sender's email address including the
> domain. Also, the timezone is always +0000, similar to ratware #2
> above. Many other details vary, such as the claimed mailer. However,
> we have some constants.
Hmmm... I suspect we could ignore some of those details if the FP rate
is already zero, but we might want to note them in a comment.
> Usually the From follows the Message-ID, but not always. So we have
> to do this check twice.
The eval function would address that.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
