Dan Bullock said: > I will never have incoming mail coming from the outside which uses my > domain name. I'd like to create a rule which prevents it. > > The problem is that I received one of the new Bagel virus emails with > the password-protected ZIP payload. It has a FROM of my domain. It > even faked the message-id for my domain. > > How can I give a high SA score to such an email? > > Thanks, > Dan
Here's a rule I pulled off the list: #penalize mail hosts pretending to be me when connecting header LOCAL_SPOOFME Received =~ /from my\.ip\.add\.ress/ describe LOCAL_SPOOFME pretending to be from ourselves! score LOCAL_SPOOFME 3.0 -- Kurt Yoder Sport & Health network administrator
