On 8/14/2006 2:23 PM, Justin Mason wrote:
> Mark Martinec writes:
>> Having received a couple of messages faking to be from yahoo,
>> despite FORGED_YAHOO_RCVD and few other rules firing, the final
>> score was not high enough. Since Yahoo! is signing their
>> outgoing mail with DomainKeys, I came up with:
>>
>> header __L_FROM_YAHOO From:addr =~ /[EMAIL PROTECTED]/i
>> meta UNVERIFIED_YAHOO __L_FROM_YAHOO && !DK_VERIFIED
>> priority UNVERIFIED_YAHOO 500
>> score UNVERIFIED_YAHOO 5.0
>>
>> which seems to do its job.
>> I had to experiment with priority - are there any guidelines for this?
>> Is this a way to go? - any obvious improvements?

Personally I'd cut the score in half. Slow DNS could cause FPs -- I've
seen it happen on mail from rogers.com which Y! runs.

> makes sense to me, although --
> (a) Is "From:addr" rather than "EnvelopeFrom:addr" the right header to
> use?

I'd say yes. DK signs the message, not the envelope. I'm pretty sure
the current milters look for a From: header to decide on what
selector/etc to use.
Daryl
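
Added example, not part of the thread and not SpamAssassin code: a small Python model of the posted meta rule's logic, showing why a key lookup that times out scores the same as a forged message, next to a variant that fires only on a definitive failure. The three-state DKResult, the function names and the sample message are assumptions made for illustration; the thread does not say whether the verifier reports a timeout separately.

```python
# Toy model of "From: matches domain AND NOT verified"; all names are hypothetical.
from email import message_from_string
from email.utils import parseaddr
from enum import Enum


class DKResult(Enum):          # assumed three-state verifier outcome
    PASS = "pass"              # signature checked and valid
    FAIL = "fail"              # no signature, or signature invalid
    TEMPERROR = "temperror"    # key lookup timed out (slow DNS)


def from_domain(raw_msg):
    """Domain of the From: header address (the header the posted rule keys on)."""
    _, addr = parseaddr(message_from_string(raw_msg).get("From", ""))
    return addr.rpartition("@")[2].lower()


def unverified_as_posted(raw_msg, dk, domain):
    """Logic of the posted meta: anything other than a verified pass fires."""
    return from_domain(raw_msg) == domain and dk is not DKResult.PASS


def unverified_strict(raw_msg, dk, domain):
    """Variant: fire only on a definitive failure, never on a DNS timeout."""
    return from_domain(raw_msg) == domain and dk is DKResult.FAIL


# Constructed sample: the envelope sender and the From: header disagree.
SAMPLE = (
    "Return-Path: <bounce@mailer.example>\n"
    'From: "Some User" <someuser@signing.example>\n'
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)


def demo(domain="signing.example"):
    """One row per verifier outcome: (outcome, as-posted fires, strict fires)."""
    return [(dk.value,
             unverified_as_posted(SAMPLE, dk, domain),
             unverified_strict(SAMPLE, dk, domain)) for dk in DKResult]


if __name__ == "__main__":
    for name, posted, strict in demo():
        print(f"{name:10} as_posted={posted!s:5} strict={strict}")
```

The temperror row is the false-positive case mentioned in the reply: the as-posted logic fires on it, the strict variant does not.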