Hi, > One more thing. I have expanded my definition of FREEMAIL to any Google and > Office 365 senders like this: > > header __RCVD_YAHOO Received =~ /\.yahoo\.com \[/ > header __RCVD_HOTMAIL Received =~ /\.hotmail\.com \[/ > header __RCVD_GOOGLE Received =~ /\.google\.com \[/ > header __RCVD_OFFICE365 Received =~ > /\.outbound\.protection\.outlook\.com \[/ > header __RCVD_COX_NET Received =~ /\.cox\.net \[/ > header __RCVD_RR_COM Received =~ /\.rr\.com \[/ > header __RCVD_CHARTER_NET Received =~ /\.charter\.net \[/ > header __RCVD_COMCAST_NET Received =~ /\.comcast\.net \[/ > header __RCVD_CENTURYLINK_NET Received =~ /\.onyx\.syn-alias\.com > \[/ > header __RCVD_HUGHES_NET Received =~ /\(mx\.hughes\.net \[/ > > meta __RCVD_FREEMAIL (__RCVD_YAHOO || __RCVD_HOTMAIL || > __RCVD_GOOGLE || __RCVD_OFFICE365 || __RCVD_COX_NET || __RCVD_CHARTER_NET || > __RCVD_COMCAST_NET || __RCVD_RR_COM || __RCVD_CENTURYLINK_NET || > __RCVD_HUGHES_NET) > > meta ENA_FREEMAIL (FREEMAIL_FROM || FREEMAIL_REPLYTO > || FREEMAIL_FORGED_REPLYTO || __RCVD_FREEMAIL) > score ENA_FREEMAIL 0.2 > > Then I use the ENA_FREEMAIL rule in meta rules to bump up the sensitivity of > mail passing through these sources just like other non-trusted FREEMAIL.
What's the difference between creating new header rules for these or just adding the domains to the freemail_domains list? Wouldn't we want to just add them to SA proper so everyone has them?