Hi,
I'd like to filter out backscatter with the DNSBL from
ips.backscatterer.org. In order not to filter out legitimate mails, but
only NDA noise and stuff, I want to limit it to mails with blank
envelope from (MAIL FROM: <>) or envelope from postmaster (MAIL FROM:
<postmas...@example.com>).
I'm not confident in writing meta rules and also the EnvelopeFrom pseudo
header rule is poorly documented, so I wonder if the blank envelope from
rule will hit at all or should read /<>/ instead of //.
These are the proposed rules:
header __LOCAL_ENVELOPEFROM_BLANK EnvelopeFrom //
header __LOCAL_ENVELOPEFROM_POSTMASTER EnvelopeFrom /^postmaster/
header RCVD_IN_DNSBL_IPS_BACKSCATTERER_ORG
eval:check_rbl('ips-backscatterer-org','ips.backscatterer.org.')
describe RCVD_IN_DNSBL_IPS_BACKSCATTERER_ORG Received via a relay in
ips.backscatterer.org DNSBL
tflags RCVD_IN_DNSBL_IPS_BACKSCATTERER_ORG net
meta LOCAL_BACKSCATTERER_ORG ((__LOCAL_ENVELOPEFROM_BLANK ||
__LOCAL_ENVELOPEFROM_POSTMASTER) && RCVD_IN_DNSBL_IPS_BACKSCATTER_ORG)
describe LOCAL_BACKSCATTERER_ORG Backscatter detected via
ips.backscatterer.org DNSBL
score LOCAL_BACKSCATTERER_ORG 10.0
Regards,
Felix Buenemann
