Guys, I don't need a lesson on what you think should be done or what you think is the right thing to do, I just need help writing a rule. I setup mail servers all the time and I always make sure the: Mail server broadcast name, the 'A' record and the PTR all match, IT IS JUST GOOD PRACTICE, I am also not trying to block people who don't qualify, I just want to identify and score it!!
I would appreciate some help writing this rule..the SPAMMER who sent this knows what he/she is doing and it would be helpful to identify this trick. Received: from *cirencester.co.uk*(*c204131.adsl.hansenet.de*[213.39.204.131]) Robert Peace he would say instead of goodbye....peace my brother. -----Original Message----- From: Richard Frovarp [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 18, 2006 7:02 PM To: users@spamassassin.apache.org Subject: Re: Scoring PTR's Robert Swan wrote: > > OK the rule to block an unknown or a mail server without a PTR works > great: > > > > *header LOCAL_INVALID_PTR2 Received =~ /from \S+ \(unknown /* > > *score LOCAL_INVALID_PTR2 2* > > *describe LOCAL_INVALID_PTR2 Header contains no PTR2* > > > > > > Now how can I make a rule to score if the PTR is different than the > reported mail server like the SPAMMER below?: > > > > Received: from *cirencester.co.uk* (*c204131.adsl.hansenet.de* > [213.39.204.131]) > > >
