Joseph Brennan wrote:
> Jeff Koch <[EMAIL PROTECTED]> wrote:
> > One of the problems is that the actual spam email is sometimes not
> > attached. But interestingly enough we are usually sent the email header of
> > the original email. From that we (the humans) can easily spot that the IP
> > address of the mailserver claiming to be ours is, in fact, not. So, if
> > that line in the returned email header can be parsed perhaps a program
> > can validate the IP address.
>
> Check the precise format, but if you have something like this in the
> original header, with your host's name...
>      (hostname.example.com [11.22.33.44])
> ...and that's not the right IP, that would be a good test.
>
> It sounds like you could get that with a 'body' rule.

A 'body' rule does not see a header section of an attached mail;
a 'full' rule is needed, as pointed out elsewhere
(but the 'full' rule sees a main header section too).

See:
  https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5872

Mark
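
The check discussed in this thread, as an added Python example (not part of the original messages and not SpamAssassin code): it pulls the header text attached to a bounce and flags any `(hostname [IP])` pair that names our host with an address we do not own. `OUR_HOST`, `OUR_NETS`, the function names and the sample bounce are constructed assumptions; passing the whole raw message to `forged_claims` instead mirrors a 'full' rule, which also scans the main header section.

```python
import email
import ipaddress
import re

OUR_HOST = "hostname.example.com"                  # assumption: name our servers announce
OUR_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: our real outbound range

# Constructed bounce that returns only the original header section.
SAMPLE_BOUNCE = """\
Received: from mx.remote.example (mx.remote.example [198.51.100.7])
\tby hostname.example.com; Mon, 7 Jan 2008 10:00:00 +0000
From: MAILER-DAEMON@remote.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.

--b1
Content-Type: text/rfc822-headers

Received: from hostname.example.com (hostname.example.com [11.22.33.44])
\tby mx.remote.example; Mon, 7 Jan 2008 09:59:00 +0000
Subject: spam

--b1--
"""

PAIR = re.compile(r"\(([A-Za-z0-9.-]+) \[(\d{1,3}(?:\.\d{1,3}){3})\]\)")  # "(name [a.b.c.d])"

def forged_claims(text):
    """IPs shown next to OUR_HOST that lie outside OUR_NETS."""
    bad = []
    for host, ip in PAIR.findall(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:          # e.g. an octet above 255
            continue
        if host.lower() == OUR_HOST and not any(addr in n for n in OUR_NETS):
            bad.append(ip)
    return bad

def attached_headers(raw):
    """Header text carried inside the bounce, excluding the main header section."""
    parts = email.message_from_string(raw).walk()
    wanted = ("text/rfc822-headers", "message/rfc822")
    return "\n".join(p.as_string() for p in parts if p.get_content_type() in wanted)
```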
