On Wed, 2007-10-31 at 07:59 -0400, Matt Kettler wrote: > ram wrote: > > Is there a rule where I can give a score for enevelope from not > > matching header from > > Atleast the domain part > So, you want to match all messages from all mailing lists, including > this one? Envelope from to From: header mismatches are *very* common, > and there's RFC specified times at which this should occur.
I will use in a composite rule like meta HEADER_MATCH_FAIL_SPAM ( HEADER_MATCH_FAIL && HEADER_FROM_MYBANK) score HEADER_MATCH_FAIL_SPAM 5.0 > > > > > > for eg, if someone forges my banks domain name in the header from ( They > > cant use that in the envelope from because my bank uses SPF records and > > phishers get caught easily ) then I want to mark it as spam. No one has > > any business putting mybanks domain name in the from id > > > Why not enable SA's SPF feature and let SPF_FAIL deal with this? > I cant use SPF_FAIL here becuse the envelope-from is not a banks id Thanks Ram
