On Thu, 2011-10-20 at 19:49 -0400, dar...@chaosreigns.com wrote:
> On 10/20, R - elists wrote:
> > does anyone get legit emails that come from the mailengine1.com email
> > marketing servers?
> >
> > aka streamsend aka ezpublishing ???
> > it appears to be all spammy to us
> Email that's all coming from one place without any forgery is really easy
> to block. http://wiki.apache.org/spamassassin/WritingRules
     ^^^^^
> Something like:
>
> header MAILENGINE1 Received =~ /mailengine1\.com/i

The X-Spam-Relays family of pseudo-headers available for rules are even
better for that task. Relays are properly pre-parsed, and it's easy to
anchor the rule at the perimeter of your network, only matching the
handing-over relay, instead of deep-header parsing like an ordinary
Received header rule does.

And in either case, do add some anchoring to that RE. The "com" in that
example is not guaranteed to be a TLD, but might also match the first 3
chars of the domain part...

> score MAILENGINE1 10
> describe MAILENGINE1 Email came from mailengine1.com, which we block locally.
                                                                 ^^^^^
Please get your terminology straight. This is *scoring*, not blocking.
If you'd really want to block them, do it early at the SMTP level.

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
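
Added example, not part of the original message and not SpamAssassin's own code: a Python sketch comparing the unanchored RE from the quoted rule with one possible anchoring, and with a match limited to the first relay of the X-Spam-Relays-External pseudo-header. Python's `re` stands in for the Perl regexes a rule would use; the hostnames, IPs, relay strings and the anchoring choices are constructed assumptions.

```python
import re

# Pattern from the quoted rule: unanchored, applied to every Received header.
LOOSE = re.compile(r"mailengine1\.com", re.I)
# Same domain with label boundaries on both sides (one possible anchoring).
ANCHORED = re.compile(r"(?<![\w-])mailengine1\.com(?![\w.-])", re.I)
# Only the first [ ... ] block of X-Spam-Relays-External, i.e. the relay that
# handed the message to our network; rdns must be the domain or a subdomain.
PERIMETER = re.compile(r"^[^\]]+ rdns=(?:\S+\.)?mailengine1\.com ", re.I)

def received_hit(pattern, received_headers):
    """Emulate a 'header X Received =~ /re/' rule: any Received line may match."""
    return any(pattern.search(h) for h in received_headers)

def perimeter_hit(relays_external):
    """Emulate the same test against the X-Spam-Relays-External pseudo-header."""
    return PERIMETER.search(relays_external) is not None

def relay(ip, rdns, by):
    """Build one constructed relay entry in the pseudo-header's key=value layout."""
    return (f"[ ip={ip} rdns={rdns} helo={rdns} by={by} ident= envfrom= "
            "intl=0 id=CONSTRUCTED auth= msa=0 ]")

# Constructed samples (documentation IPs, made-up hostnames).
LOOKALIKES = [
    "from mx.notmailengine1.com (mx.notmailengine1.com [192.0.2.20]) by mx.example.org",
    "from mailengine1.community.example ([192.0.2.21]) by mx.example.org",
    "from mailengine1.com.example.net ([192.0.2.22]) by mx.example.org",
]
GENUINE = ["from mta3.mailengine1.com (mta3.mailengine1.com [192.0.2.10]) by mx.example.org"]
# Delivered by an unrelated host; the domain only appears one hop deeper.
DEEP_RECEIVED = [
    "from list.example.net (list.example.net [198.51.100.7]) by mx.example.org",
    "from mta3.mailengine1.com ([192.0.2.10]) by list.example.net",
]
DEEP_RELAYS = " ".join([relay("198.51.100.7", "list.example.net", "mx.example.org"),
                        relay("192.0.2.10", "mta3.mailengine1.com", "list.example.net")])
DIRECT_RELAYS = relay("192.0.2.10", "mta3.mailengine1.com", "mx.example.org")

if __name__ == "__main__":
    for h in LOOKALIKES + GENUINE:
        print(bool(LOOSE.search(h)), bool(ANCHORED.search(h)), h)
    print("deep Received hit:", received_hit(ANCHORED, DEEP_RECEIVED))
    print("deep perimeter hit:", perimeter_hit(DEEP_RELAYS))
    print("direct perimeter hit:", perimeter_hit(DIRECT_RELAYS))
```
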