> So lets take a look at the format of the "From: " line. It is:
>
> headername {space} sender-name {space} <[EMAIL PROTECTED]>
>
> In this case, the headername is "From:". The sender-name is
> normally what is in the /etc/passwd file as the comment field.
> It can be srounded by double-qoutes and contains a matching
> single-quotes in it. The last part is the Email addresses where
> the message is coming from. So if we use myself as an example
> the headerline would look as:
>
> From: Tony Cratz <[EMAIL PROTECTED]>
>
> That would be if I sent a message. But the SPAMMERS have only
> been using the part that would be in a whitelist being the
> Email address. And using a different sender-name.
>
> With this knowledge I decided it was time to write a couple of
> rules. The first to check if my Email address was listed in the
> from line. The second to check if the sender-name was in the
> format that I use. And then a meta rule to combine the two tests
> so that if the sender-email was my Email address but the sender-name
> is not in the format I use then it will rescore the message so
> that it removes any whitelist effect so that it can be scored
> correctly as SPAM.
>
> The rules I'm currently using are:
>
>
> header T_FROM_CRATZ_EMAIL From =~ /<[EMAIL PROTECTED]>/i
> describe T_FROM_CRATZ_EMAIL '[EMAIL PROTECTED] E-mail address'
> header T_FROM_TONY_CRATZ From =~ /tony\scratz/i
> describe T_FROM_TONY_CRATZ 'Email user name Tony Cratz'
> meta NOT_FROM_CRATZ (T_FROM_CRATZ_EMAIL && !T_FROM_TONY_CRATZ)
> score NOT_FROM_CRATZ 200.0
>
>
> This is the first set of rules I have written. There may be a
> better way to write it. And so far I have not had a large test
> base on it. But shortly after putting it into place it caught
> a fresh SPAM message.
>
I forgot to ask, is there a generic way for me to do this for
all of the users and mail lists on my site?
Tony
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
