Mark wrote:
> Dear people,
>
> I have been trying to put mail from *groups.yahoo.com to the white_list. I
> added an entry like this:
>
> whitelist_from *groups.yahoo.com
>
> But mail coming from those groups are still flagged as spam. Naturally
> groups.yahoo.com is not in the sender From: address, but in the envelope
> from. Is there a way I can test for that too, so as to put it on the
> whitelist?
>
> Thanks!
>
> - Mark
Mark,
Although I know it's not a good idea to trust "Recieved:" headers,
here's a possible fix (somebody speak up if my regexp is hosed here :^):
header RCVD_YAHOO_GROUPS ALL =~ \
/\nReceived: (.*\n\s+)*[^\n]*groups\.yahoo\.com.*\n\w*/si
describe RCVD_YAHOO_GROUPS Possibly-forged 'Received:' header found
score RCVD_YAHOO_GROUPS -3.0
Sorry for the break in the "header" line. As I said, my regexp isn't
so good for such complex rules so you should verify it before you plug
it in! The idea is to match on the "Received:" tag an 0 or more lines
beginning with whitespace after it (continuations) and look for
"groups.yahoo.com" in those lines. This might have unexpected results
if a spammer where to have a Received: as the last header ... I don't
know how SA would handle that, but it's pretty unlikely.
Don
--
--------------------------------------------------------
Donald L. Greer, Jr [EMAIL PROTECTED]
System Administrator Voice: 512-300-0176
AustinTX http://www.AustinTX.COM/
All opinions are my own. Flame me directly.
"I don't necessarily believe software should be free...
but if you pay for it, it should work!" -- Me
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
