Request for comments
Matt Kettler
mkettler at evi-inc.com
Fri Jul 20 18:36:08 IST 2007
Alex Broens wrote:
> On 7/20/2007 6:55 PM, Steven Andrews wrote:
>> Why not? I know specious argument, but this would work well so you
>> could apply a penalty or a credit to a certain domain.
>>
>> Blackberry devices are just an example, they always trigger certain
>> rules that push their scores up. Are they going to change that fact?
>> Nope. Do I want to lower the value of those rules? Nope. They catch
>> other traffic. Do I want to whitelist blackberries entirely...no way.
>> If I had a mechanism to punish or credit a certain domain, that would
>> allow such a situation where I can keep rules intact but adjust the
>> spamminess of a domain.
>
> header BLACKBERY_PASSTHRU Received =~
> /smtp[0-9]{2}\.\w+\.\w+\.blackberry\.com\b/
> score BLACKBERY_PASSTHRU -5.0
>
Even better, use X-Spam-Relays-Untrusted. It's a fake header generated by SA
that contains pre-parsed Received: headers. Its format is constant and isn't MTA
specific. The first entry is the host delivering to your last trusted server.
ie: if your trusted_networks isn't broken the last trusted server, making the
machine dropping mail off at your network the first untrusted.
This little trick starts at the begining of the text (hence the first ^) and
scans ahead for blackberry.com, but will sto if it encounters a ] (which would
be the closing bracket of the end of the first entry)
header BLACKBERY_PASSTHRU X-Spam-Relays-Untrusted =~
/^[^\]]+rdns=smtp[0-9]{2}\.\w+\.\w+\.blackberry\.com\n/
You can see X-Spam-Relays-Untrusted in a run of spamassassin -D...
[5344] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=83.98.192.7
rdns=safir.blacknight.ie helo=safir.blacknight.ie by=xanadu.evi-inc.co
m ident= envfrom= intl=0 id=l6C5gCkB027160 auth= ] [ ip=127.0.0.1
rdns=safir.blacknight.ie helo=safir.blacknight.ie by=safir.blacknigh
t.ie ident= envfrom= intl=0 id=l6C5eaJF002802 auth= ]
<snip, the rest>
More information about the MailScanner
mailing list