I would like to use the AskDNS plugin to query a private DBL that I can
populate/manage. The idea is to subtract a few points for inbound O365 domains
that have been seen before in an effort to help block compromised O365 accounts
from domains that have never been seen before.
Ideally a new tag would be created when the last external relay is an
outbound.protection.microsoft.com host and the X-Originating-Org header value
(which should match the EnvelopeFrom domain) is used to make a new tag like
_O365ORG_ for a simple rule like this:
ifplugin Mail::SpamAssassin::Plugin::AskDNS
askdnsO365_ORG_SEEN_BEFORE _O365ORG_.o365seen.example.com A
/^127\.\d+\.\d+\.2$/
scoreO365_ORG_SEEN_BEFORE-2.0
endif
BTW, how can I find a list of all existing tags available for use? I tried a
number of greps and Google searches with no luck.
Thanks,
Dave