body TEMP_BLOCKADE /Received: from d04m-89-83-98-193\.d4\.club-internet\.fr \(\[89\.83\.98\.193\]\)/
describe TEMP_BLOCKADE  Temporary blockade of club-internet.fr joe job
score TEMP_BLOCKADE 15

This might be enough to be unambiguous.
body   TEMP_BLOCKADE    /Received: from d04m-89-83-98-193\./

{^_^}
----- Original Message -----
From: "thadcoco" <[EMAIL PROTECTED]>
Sent: Sunday, 2008, June 29 07:07



Hi All,

My server CentOS 4, Sendmail, MailScanner (SA & ClamAV) is being buried by
spoofed emails that are bounced back to my domain by the recipient's
servers. Virtually all these emails are being sent from a zombie at a single
IP.

i.e.: All the messages contain the following line somewhere within:
Received: from d04m-89-83-98-193.d4.club-internet.fr ([89.83.98.193])

I can't figure out how to mark any messages that originally sourced from
that IP so that they can be dropped by Procmail (that approach would appear
to be my only hope, as junk is arriving faster than my mail client can pull
it off the server).

I have tried to write a rule that would mark any message with that
particular IP, but nothing seems to work.

An example that doesn't work (but does --lint just fine) is:

header ANNOYING_SPAMMER Received =~ /89\-83\-98\-193/
describe ANNOYING_SPAMMER Mark mail touched by specific IP as spam
score ANNOYING_SPAMMER 15

Does SA only scan the most recent Received Header line? If so, the "Header -
Received" syntax wouldn't work because the bad IP is in the original
Received line. In case that was the problem, I also tried the Rawbody
operator to no avail.

Note that other than this issue, SA appears to be doing everything else just
fine.

So I am desperate and would be grateful for any suggestions. For reference,
here are my full procmailrc and local.cf files for reference.

/etc/procmailrc
-----------------
DROPPRIVS=yes
:0fw
* < 256000
| /usr/bin/spamc -f

:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null
----------------

/etc/mail/spamassassin/local.cf
-----------------
# Change the subject of suspected spam
rewrite_header subject         *****SPAM*****

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe             0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn              1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
#use_dcc                 1
use_pyzor               1

header ANNOYING_SPAMMER Received =~ /89\-83\-98\-193/
describe ANNOYING_SPAMMER Mark mail touched by specific IP as spam
score ANNOYING_SPAMMER 15
---------------
--
View this message in context: http://www.nabble.com/Being-Buried-In-Returned-Email---Need-To-Mark-Certain-IPs-tp18181167p18181167.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
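
Added illustration, not part of the thread: in a bounce, the zombie's Received line belongs to the returned original message, which travels in the body, so it is absent from the bounce's own header block that a `header ... Received =~` rule tests. The sketch below uses Python's standard `email` module (not SpamAssassin's own matching) on a constructed sample bounce; every hostname and address other than the club-internet.fr line quoted in the post is made up.

```python
import re
from email import message_from_string

# Constructed sample bounce (DSN). Only the club-internet.fr Received line
# comes from the post; all other hosts and addresses are placeholders.
BOUNCE = """\
Received: from mx.recipient.example ([192.0.2.10]) by mail.mydomain.example; Sun, 29 Jun 2008 07:00:00 -0400
From: MAILER-DAEMON@mx.recipient.example
To: forged@mydomain.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: text/plain

Your message could not be delivered.

--BOUND
Content-Type: message/rfc822

Received: from d04m-89-83-98-193.d4.club-internet.fr ([89.83.98.193]) by mx.recipient.example; Sun, 29 Jun 2008 06:59:00 -0400
From: forged@mydomain.example
To: victim@recipient.example
Subject: spam

buy now
--BOUND--
"""

# Same text the ANNOYING_SPAMMER rule in the post looks for.
PATTERN = re.compile(r"89-83-98-193")

def locate(raw):
    """Report whether the pattern is in the bounce's own Received headers
    or only in the Received headers of the returned original."""
    msg = message_from_string(raw)
    top = any(PATTERN.search(v) for v in msg.get_all("Received", []))
    embedded = False
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)  # the returned original message
            embedded |= any(PATTERN.search(v) for v in inner.get_all("Received", []))
    return {"top_level_header": top, "embedded_original": embedded}

if __name__ == "__main__":
    print(locate(BOUNCE))
```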
