Hi, Has anyone ever seen a legitimate email with an X-Mailer: header of OutLook Express 3.14159? I've just got 9 spam messages in the last two days using this header line 6 of which were not even caugh as spam by SA (treshold of 7.0). So I added a local rule for that header (and other checks for the body as they were all advertizing sex sites on the same domain) to make sure they were caught high enough to trigger a perm reject rule during smtp. Now, I wouldn't want that X-Mailer rule to trigger on non spam as I gave it a score of 5.0. I can't find this header in any legitimate mail here. It already helped me reject 5 more spam messages today right after I restarted spamd.. :) It looked like they were all the same message and the spammer software didn't like the 550 return value to the DATA segment and just tried again and again (5 times in 2 minutes using 5 different open socks servers)
header LOCAL_PI_OE X-Mailer =~ /OutLook Express 3\.14159/ describe LOCAL_PI_OE X-Mailer contains 'OutLook Express 3.14159' score LOCAL_PI_OE 5.0 Wasn't there a rule that looked for fake versions of popular mua? Maybe I missed it, but I didn't find it when I looked for it (and no rule triggered with that header line before I set mine up) Thanks, -- Patrice Fournier [EMAIL PROTECTED] _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk