On Thu, 20 Dec 2018, Amir Caspi wrote:

John, would you mind sandboxing a rule?

        Two or more dots in the From username seems to be rather spammy (and 
we've talked about it before on the list).  Would you mind sandboxing this test 
rule to see if it would be helpful as a main rule?  I get a lot of spam locally 
that hits this...

header  AC_FROM_MANY_DOTS       From =~ /<(?:\w+\.){2,}\w+@/
describe        AC_FROM_MANY_DOTS       Two or more periods in the From username

We could, of course, increase to three or more dots... maybe the three-dot 
version would score higher on its own, but the two-dot could be better in 
combo... not sure.

Hopefully it's helpful...

Cheers.

--- Amir

Can you also provide a spample? Thanks!


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
                                           -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
 5 days until Christmas
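
The rule from the request above, run against constructed From header values at both the two-dot and three-dot thresholds. This is an added example, not part of either message or of SpamAssassin. It assumes Python's `re` with ASCII `\w` as a stand-in for the Perl regex engine; `many_dots_rule`, `hits`, `tally` and the sample addresses are hypothetical.

```python
import re

def many_dots_rule(min_dots=2):
    # Same pattern as AC_FROM_MANY_DOTS; min_dots generalizes the {2,} quantifier.
    # re.ASCII keeps \w to [A-Za-z0-9_] (assumption: approximates Perl on raw headers).
    return re.compile(r"<(?:\w+\.){%d,}\w+@" % min_dots, re.ASCII)

def hits(from_header, min_dots=2):
    """True if the From header value would trigger the rule."""
    return many_dots_rule(min_dots).search(from_header) is not None

# Constructed sample From values (not real mail), labelled by hand.
SAMPLES = [
    ("spam", '"Prize Dept" <win.big.now@example.com>'),    # two dots
    ("spam", 'Offers <a.b.c.d@example.net>'),              # three dots
    ("ham",  'Jane Q. Public <jane.q.public@example.org>'),  # legitimate two-dot name
    ("ham",  'Bob <bob.smith@mail.corp.example.com>'),     # domain dots are not counted
    ("ham",  'a.b.c@example.com'),                         # no angle brackets: rule cannot match
    ("ham",  'Ann <ann.lee-jones.dev@example.com>'),       # hyphen breaks the \w+ run
]

def tally(min_dots):
    """Count rule hits per label, a miniature of what a mass-check reports."""
    counts = {"spam": 0, "ham": 0}
    for label, header in SAMPLES:
        counts[label] += hits(header, min_dots)
    return counts

if __name__ == "__main__":
    for n in (2, 3):
        print(f"{n}+ dots:", tally(n))
    for label, header in SAMPLES:
        print(f"{label:4} 2+:{hits(header, 2)!s:5} 3+:{hits(header, 3)!s:5} {header}")
```

On this constructed set the two-dot version also hits the `jane.q.public` address, while the three-dot version misses the two-dot spam sample.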