Is there a consistent way to match whatever headers might be available in a returned message?

I've got one customer reporting backscatter spam, and while I've been able to create a number of rules that usually hit, they tend to fail on NDRs that are not "properly" formatted (e.g., complete or headers-plus-a-bit original message attached as RFC822 message).

I've had only very limited success using rawbody rules, and slightly more using the new(ish) mimeheader rule type. Unfortunately, something like a qmail NDR won't have any MIME parts to extract headers *from*... and I'd really prefer not to have to create three copies of each subrule in the set to target all the variations on where the matching text is.

The original spams seen so far are "Your order update" emails claiming to be from Amazon or Apple. The rules I've been creating match on the From and Subject headers from the original - no NDR arriving at any customer account here should ever be from Amazon or Apple.

-kgd
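
The three NDR layouts described in the post (original attached as `message/rfc822`, a headers-only attachment, and a qmail-style bounce with no MIME parts) can be reduced to one header set before matching. The sketch below is an added example, not part of the original post and not a SpamAssassin rule; the function names and sample messages are constructed for illustration, and it assumes the qmail bounce carries qmail-send's usual "Below this line" separator.

```python
import email
import re
from email import policy

# Separator qmail-send writes before the original in its plain-text bounces.
QMAIL_MARKER = "--- Below this line is a copy of the message."

def original_headers(raw_ndr):
    """Return the bounced message's headers as a Message, or None if absent."""
    msg = email.message_from_string(raw_ndr, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # original attached as a message
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # headers-only attachment
            return email.message_from_string(part.get_content(), policy=policy.default)
    # No MIME structure (qmail style): the original follows the marker inline.
    body = "" if msg.is_multipart() else msg.get_payload()
    _, found, tail = body.partition(QMAIL_MARKER)
    if found:
        return email.message_from_string(tail.lstrip("\r\n"), policy=policy.default)
    return None

def is_backscatter(raw_ndr):
    """True when the bounced original matches the forged-sender pattern in the post."""
    orig = original_headers(raw_ndr)
    if orig is None:
        return False
    sender = str(orig.get("From", ""))
    subject = str(orig.get("Subject", ""))
    return bool(re.search(r"\b(amazon|apple)\b", sender, re.I)
                and re.search(r"your order update", subject, re.I))

# Constructed sample NDRs (not real mail), one per layout.
ORIG = ('From: "Amazon" <order-update@amazon.example>\n'
        "Subject: Your order update\nTo: nobody@remote.example\n\nspam body\n")
HDR = ("From: MAILER-DAEMON@remote.example\nTo: user@customer.example\n"
       "Subject: failure notice\n")

def mime_ndr(ctype):
    return (HDR + 'MIME-Version: 1.0\nContent-Type: multipart/report; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nDelivery failed.\n"
            f"--b\nContent-Type: {ctype}\n\n{ORIG}\n--b--\n")

SAMPLES = {
    "rfc822": mime_ndr("message/rfc822"),
    "headers": mime_ndr("text/rfc822-headers"),
    "qmail": HDR + "\nHi. This is the qmail-send program.\n\n" + QMAIL_MARKER + "\n\n" + ORIG,
}
```

Each layout yields the same parsed header object, so the From and Subject checks are written once instead of once per layout.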
