I have a sneaky spammer that is using compromised accounts of a mail server
that relays outbound through my Postfix servers. The spammer is Bcc'ing
200 or 300 recipients at a time and sending very slowly to avoid my high
volume detection. I need to be able to add a header that SpamAssassin can
use to score based on a combination of other rules. I also want to
maintain the privacy of the Bcc'd recipients.
I am pretty sure this could be done in a milter but I was not able to find
a milter out there that does this. I guess I could learn how to make a
milter that just counts the recipients and add a header.
I was thinking something like an X header that could be set to a value
("Low", "Medium", or "High") based on a range of recipients. I could
probably find a way to get Spamassassin to use the actual number of
recipients with a plugin if that can be added easily by Postfix or a milter.
P.S. In this instance, this spammer is sending out messages that don't
score high in SA. I can usually block outbound spam but he is sending
test/probe emails until they get through then blasting to a lot of Bcc
recipients which gets us listed on RBLs. Also the original mail server is
an Exchange server that does not add the X-Originating-IP or Received
headers of the sender so I could key off of that in SA.
Thanks,
Dave
