Hi, On Tue, 11 May 2004, Spam Admin wrote:
> Our hospital has been getting a significant amount of obscene spam > lately from a group called Outblaze. It's getting past both IP > blacklists and SpamAssassin v2.63 using RulesDuJour. Drop all mail matching: Received:.*\.mr\.outblaze\.com and your problems will be solved. There's a rule in SA 3.x that takes care of this. Add the following to /etc/mail/spamassassin/local.cf : header FAKE_OUTBLAZE_RCVD Received =~ /\.mr\.outblaze\.com/ describe FAKE_OUTBLAZE_RCVD Received header contains faked 'mr.outblaze.com' score FAKE_OUTBLAZE_RCVD 7.0 Adjust score as appropriate. Outblaze has said that no legitimate mail will originate from *.mr.outblaze.com, ever. This is suitable for dropping at the MTA level if you can manage it. -- Bob
