Re: shouldn't SA treat certain web-script headers as X-Spam-Relays-External?

2012-01-06 Thread RW
On Fri, 06 Jan 2012 22:12:09 +1300 Jason Haar wrote: > Hi Henrik > > I tried that - didn't make a difference. > > In debug mode, it certainly made the IP address show up against > X-Spam-Relays-External - but no RBL lookups against it occurred? That > conflicts wi

Re: shouldn't SA treat certain web-script headers as X-Spam-Relays-External?

2012-01-06 Thread Henrik K
On Fri, Jan 06, 2012 at 10:12:09PM +1300, Jason Haar wrote: > Hi Henrik > > I tried that - didn't make a difference. > > In debug mode, it certainly made the IP address show up against > X-Spam-Relays-External - but no RBL lookups against it occurred? That > conflicts

Re: shouldn't SA treat certain web-script headers as X-Spam-Relays-External?

2012-01-06 Thread Jason Haar
Hi Henrik I tried that - didn't make a difference. In debug mode, it certainly made the IP address show up against X-Spam-Relays-External - but no RBL lookups against it occurred? That conflicts with the man page: "These IP addresses are virtually appended into the Received: chain, s

Re: shouldn't SA treat certain web-script headers as X-Spam-Relays-External?

2012-01-05 Thread Henrik K
both from 41.184.112.222 > > Could X-EN-OrigIP: and X-PHP-Script: be added to X-Spam-Relays-External > so as to pick up the originating IP? Rewriting that IP into a Received > header pushed the score up by 10 points due to the RBLs it's in > > PS: pastebin.com picked both

shouldn't SA treat certain web-script headers as X-Spam-Relays-External?

2012-01-05 Thread Jason Haar
Hi there I just had the following phishing attacks get through with scores in the 2s. http://pastebin.com/4Yyc0m7j http://pastebin.com/R0XMM9Je Both are generated by different hacked websites - both from 41.184.112.222 Could X-EN-OrigIP: and X-PHP-Script: be added to X-Spam-Relays-External so

Re: X-Spam-Relays-External

2011-06-29 Thread Ned Slider
On 29/06/11 12:50, Henrik K wrote: On Wed, Jun 29, 2011 at 01:28:48PM +0300, Henrik K wrote: On Wed, Jun 29, 2011 at 11:02:13AM +0100, Ned Slider wrote: Hi List, I see the useful X-Spam-Relays-External pseudo header but what I'd really like to be able to specifically check is the

Re: X-Spam-Relays-External

2011-06-29 Thread Henrik K
On Wed, Jun 29, 2011 at 01:28:48PM +0300, Henrik K wrote: > On Wed, Jun 29, 2011 at 11:02:13AM +0100, Ned Slider wrote: > > Hi List, > > > > I see the useful X-Spam-Relays-External pseudo header but what I'd > > really like to be able to specifically check is the L

Re: X-Spam-Relays-External

2011-06-29 Thread RW
On Wed, 29 Jun 2011 12:01:54 +0100 Ned Slider wrote: > > Yes, _LASTEXTERNALRDNS_ would certainly work as the connecting IP has > rDNS that matches the string I was trying to match. > > Where might I find examples of TEMPLATE TAGS usage? It's unclear to > me how to use these options so some exa

Re: X-Spam-Relays-External

2011-06-29 Thread Benny Pedersen
On Wed, 29 Jun 2011 12:05:58 +0100, Ned Slider wrote: Who said anything about trusting the IP ? I simply want to verify that the email was relayed to me from a particular ISP as part of a meta rule. The very fact that the hostname(s) do have many IPs is the reason for matching that rather than

Re: X-Spam-Relays-External

2011-06-29 Thread Ned Slider
On 29/06/11 11:24, Benny Pedersen wrote: On Wed, 29 Jun 2011 11:02:13 +0100, Ned Slider wrote: header __RCVD_FROM_SOMEISP X-Spam-Relays-Last-External =~ /someisp\.com/i bad rule, hostnames can have more than one ip, would you trust every ip now ? Who said anything about trusting the IP ?

Re: X-Spam-Relays-External

2011-06-29 Thread Ned Slider
On 29/06/11 11:12, Axb wrote: On 2011-06-29 12:02, Ned Slider wrote: Hi List, I see the useful X-Spam-Relays-External pseudo header but what I'd really like to be able to specifically check is the Last External header as DNSBL rules are able to do with -lastexternal. Is there a X-Spam-R

Re: X-Spam-Relays-External

2011-06-29 Thread Henrik K
On Wed, Jun 29, 2011 at 11:02:13AM +0100, Ned Slider wrote: > Hi List, > > I see the useful X-Spam-Relays-External pseudo header but what I'd > really like to be able to specifically check is the Last External > header as DNSBL rules are able to do with -lastexternal. >

Re: X-Spam-Relays-External

2011-06-29 Thread Benny Pedersen
On Wed, 29 Jun 2011 11:02:13 +0100, Ned Slider wrote: header __RCVD_FROM_SOMEISP X-Spam-Relays-Last-External =~ /someisp\.com/i bad rule, hostnames can have more than one ip, would you trust every ip now ? better would be to extend ASN plugin to have whitelist specific ASN or blacklist

Re: X-Spam-Relays-External

2011-06-29 Thread Axb
On 2011-06-29 12:02, Ned Slider wrote: Hi List, I see the useful X-Spam-Relays-External pseudo header but what I'd really like to be able to specifically check is the Last External header as DNSBL rules are able to do with -lastexternal. Is there a X-Spam-Relays-Last-External option tha

X-Spam-Relays-External

2011-06-29 Thread Ned Slider
Hi List, I see the useful X-Spam-Relays-External pseudo header but what I'd really like to be able to specifically check is the Last External header as DNSBL rules are able to do with -lastexternal. Is there a X-Spam-Relays-Last-External option that I'm missing, and if not w