SV: Spoofed email and SPF
Mark Sapiro
mark at msapiro.net
Fri May 6 04:44:33 UTC 2016
On 05/02/2016 03:28 AM, Trond M. Markussen wrote:
> Thanks for the input.
>
> Any suggestions as to the format of such a meta rule? Would this possibly
> create false positives if sent from that domain to other domains (using the
> same spam filtering)?
If the domain is 'example.com' and you also want sub_domains
header _FROM_BAD_DOMAIN From =~/[@.]example\.com(>|\s|$)/i
meta BAD_DOMAIN = (_FROM_BAD_DOMAIN + SPF_FAIL >= 2)
score BAD_DOMAIN 1000
the regexp in the header rule is fussier than many would use because it
only matches if example.com is followed by '>', white space or the end
of string.
I don't know what you mean by "other domains (using the same spam
filtering)?"
This would be your local rule in your spamassassin. If the message
scanned by your spamassassin hits SPF_FAIL and is from the bad domain it
will be given a score of 1000.
This won't affect messages From: the domain that don't hit SPF_FAIL and
it won't affect anyone else's spamassassin unless they too install this
rule.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list