What do you guys think of this simple header line: Received: from Evan ([81.68.237.96])
Shouldn't there be a .com, .net, .biz, etc.. after the Evan all the time? I know most of us will have something like this: Received: (from [EMAIL PROTECTED]) But that is enclosed in paran's. I'm pretty sure that the S/O ratio on something like this should be good. Unfortunetly my corpus isn't that big enough yet to check this. Can someone check? How does this regex look? header WRKSTATION_NAME Received =~ /^from \w+ \(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)/ describe WRKSTATION_NAME Email server didn't have a FQDN score WRKSTATION_NAME 0.01 As always, this rule wouldn't score more then say 0.75 on my system. Maybe less. I like more small rules to hit then less big ones. Chris Santerre System Admin and SA Custom Rules Emporium keeper http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm "A little nonsense now and then, is relished by the wisest men." - Willy Wonka ------------------------------------------------------- This SF.net email is sponsored by Dice.com. Did you know that Dice has over 25,000 tech jobs available today? From careers in IT to Engineering to Tech Sales, Dice has tech jobs from the best hiring companies. http://www.dice.com/index.epl?rel_code=104 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk