-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Eric -- "X-Spam-Relays-Untrusted" is a pseudoheader that does this. It's generated based on the parsed Received header data, and the first stanza in it will always be the first untrusted handover found in the message. It's not visible in the output normally, but you can see what it looks like by running a message through sa with -D on. - --j. Eric A. Hall writes: > Anybody got any thoughts on this? Is it doable? If not, can somebody start > thinking about macros for a future rev that will make this more possible, > something like RECEIVED_0, RECEIVED_FIRST, or whatever? > > On 6/8/2004 12:31 AM, Eric A. Hall wrote: > > Hi, > > > > I've been using SA plugged into postfix via in-line filters (allowing me > > to reject at the session level, instead of after-the-fact), and am pretty > > happy with the results. My next step is to start applying transport-type > > rules to the session data -- HELO gets spam score versus EHLO, do the > > forward and reverse domain names match, etc. -- but I need to apply these > > rules specifically to the top-most Received header only. I've done some > > simple rules so far (checking for non-existent Message-ID, for example) > > but can't see an easy way to snarf this specific data. > > > > Any rule that already does this that I should be looking for? or do I need > > to get into regex IF testing (I do this with PCRE inside postfix for a > > couple of tests already). > > > > Thanks for any pointers. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFA0MnGQTcbUG5Y7woRAiqMAJ9YvsZkWuDnUtL8Mw1hBusRv2GYAgCgzZoR 1qU8HA/s38A5O7rgpKm07lw= =yfhB -----END PGP SIGNATURE-----
