Request for comments
Matt Kettler
mkettler at evi-inc.com
Fri Jul 20 20:37:45 IST 2007
Alex Broens wrote:
> On 7/20/2007 7:36 PM, Matt Kettler wrote:
>> Alex Broens wrote:
>>> On 7/20/2007 6:55 PM, Steven Andrews wrote:
>>>> Why not? I know specious argument, but this would work well so you
>>>> could apply a penalty or a credit to a certain domain.
>>>>
>>>> Blackberry devices are just an example, they always trigger certain
>>>> rules that push their scores up. Are they going to change that fact?
>>>> Nope. Do I want to lower the value of those rules? Nope. They catch
>>>> other traffic. Do I want to whitelist blackberries entirely...no way.
>>>> If I had a mechanism to punish or credit a certain domain, that would
>>>> allow such a situation where I can keep rules intact but adjust the
>>>> spamminess of a domain.
>>> header BLACKBERY_PASSTHRU Received =~
>>> /smtp[0-9]{2}\.\w+\.\w+\.blackberry\.com\b/
>>> score BLACKBERY_PASSTHRU -5.0
>>>
>>
>> Even better, use X-Spam-Relays-Untrusted. It's a fake header generated
>> by SA
>> that contains pre-parsed Received: headers. Its format is constant and
>> isn't MTA
>> specific. The first entry is the host delivering to your last trusted
>> server.
>> ie: if your trusted_networks isn't broken the last trusted server,
>> making the
>> machine dropping mail off at your network the first untrusted.
>>
>>
>> This little trick starts at the begining of the text (hence the first
>> ^) and
>> scans ahead for blackberry.com, but will sto if it encounters a ]
>> (which would
>> be the closing bracket of the end of the first entry)
>>
>> header BLACKBERY_PASSTHRU X-Spam-Relays-Untrusted =~
>> /^[^\]]+rdns=smtp[0-9]{2}\.\w+\.\w+\.blackberry\.com\n/
>
> DOH!
>
> used that for other stuff.. dunno why I didn't think of it for the
> "blueberrries"
>
> thanks for the hint
No problem.
More information about the MailScanner
mailing list