Have you looked at the 99_FVGT_Spoof.cf ruleset posted
at http://www.merchantsoverseas.com/wwwroot/gorilla/rules.htm ?
It sounds like you might want to work with those rules as well. (But note
that citibank sends mail through citicorp.com servers, not just
citibank.com, so you'll need to change/disable that rule if it hasn't been
updated yet!)
Also, checking /ebay\.com/ will trigger on anything that combines a word
ending in e with "bay" (I saw this on a log entry about a message from
someplace called azurebay.com, although I suspect that was spam as
well.) You should probably check on /\bebay.com\b/i instead.
Kelson Vibber
SpeedGate Communications <www.speed.net>
- Paypal spam... Bad issue Gary Smith
- Re: Paypal spam... Bad issue Daniel Quinlan
- Re: Paypal spam... Bad issue Lucas Albers
- Re: Paypal spam... Bad issue Bob George
- Re: Paypal spam... Bad issue Kelson Vibber
- Re: Paypal spam... Bad issue Bob George
- Re: Paypal spam... Bad issue Kelson Vibber
- Re: Paypal spam... Bad issue LuKreme
