On 7/25/2014 8:07 AM, Andre Luiz Paiz wrote:
I tried to use the following rule (from Spamassassing guide), but it
did not worked:
header LOCAL_HEADER from =~ /@localhost/ [if-unset: @localhost]
score LOCAL_HEADER -3.0
- Sample of the email on pastebin.com
- What rules hit already? Seriously, how did the email get to -86 to
begin with?
- Can your mail system be setup to better handle these system forgeries?
Then I would likely try and identify a meta rule that says "this is a
localhost email" that can only be run on your system. Perhaps
__LOCAL_RECEIVED and look at your internal_trusted and
trusted_networks. Not sure off hand the best way to do this
then a test for your from=~ /@localhost/
__LOCAL_FROM From =~/@localhost/i
Then a meta that looks for the a mismatch and score that high.
Here's an example for an AOL address rule: using Good and Bad:
header __KAM_AOL From =~ /\@aol.com/i
describe __KAM_AOL Partial Rule: Marks AOL Addresses
header __KAM_GOODAOL From =~
/[a-z][a-z0-9]{2,15}\@aol.com/i
describe __KAM_GOODAOL Partial Rule: Marks Bad AOL
Addresses
meta KAM_COMBO_BADAOL __KAM_AOL && !(__KAM_GOODAOL)
describe KAM_COMBO_BADAOL Invalid AOL Email Address-High
probability of spam
score KAM_COMBO_BADAOL 3.0
Regards,
KAM
