> So lets take a look at the format of the "From: " line. It is: > > headername {space} sender-name {space} <[EMAIL PROTECTED]> > > In this case, the headername is "From:". The sender-name is > normally what is in the /etc/passwd file as the comment field. > It can be srounded by double-qoutes and contains a matching > single-quotes in it. The last part is the Email addresses where > the message is coming from. So if we use myself as an example > the headerline would look as: > > From: Tony Cratz <[EMAIL PROTECTED]> > > That would be if I sent a message. But the SPAMMERS have only > been using the part that would be in a whitelist being the > Email address. And using a different sender-name. > > With this knowledge I decided it was time to write a couple of > rules. The first to check if my Email address was listed in the > from line. The second to check if the sender-name was in the > format that I use. And then a meta rule to combine the two tests > so that if the sender-email was my Email address but the sender-name > is not in the format I use then it will rescore the message so > that it removes any whitelist effect so that it can be scored > correctly as SPAM. > > The rules I'm currently using are: > > > header T_FROM_CRATZ_EMAIL From =~ /<[EMAIL PROTECTED]>/i > describe T_FROM_CRATZ_EMAIL '[EMAIL PROTECTED] E-mail address' > header T_FROM_TONY_CRATZ From =~ /tony\scratz/i > describe T_FROM_TONY_CRATZ 'Email user name Tony Cratz' > meta NOT_FROM_CRATZ (T_FROM_CRATZ_EMAIL && !T_FROM_TONY_CRATZ) > score NOT_FROM_CRATZ 200.0 > > > This is the first set of rules I have written. There may be a > better way to write it. And so far I have not had a large test > base on it. But shortly after putting it into place it caught > a fresh SPAM message. >
I forgot to ask, is there a generic way for me to do this for all of the users and mail lists on my site? Tony ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk