## Forged CAMI Header
header __CLAIMS_FROM_CAMI From =~ /[EMAIL PROTECTED]/i
header __NOT_CAMI_IP Received !~ /\[206\.252\.197\.\d+\]/
meta FORGED_CAMI_RCVD (__CLAIMS_FROM_CAMI && __NOT_CAMI_IP)
describe FORGED_CAMI_RCVD Forged CAMI Header
score FORGED_CAMI_RCVD 10.000
Note that __NOT_CAMI_IP contains a negative operator and contains a regex matching all of my "legit" IP networks (pared down here for readability).
"Legit" meaning "yours"?
And is that Received only looking at the top Received: header?
-- Oh and I could be a genius if I just put my mind to it And I, I could do anything if only I could get 'round to it.
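An added example, not part of the original thread: a Python model of the FORGED_CAMI_RCVD meta rule that compares matching `Received` across every hop with matching only the top-most header. It assumes SpamAssassin joins all instances of a repeated header before applying the regex; the `cami.example` sender (the page's address is redacted) and the sample messages are constructed.

```python
import re
from email import message_from_string

# Placeholder sender pattern: the page's own address is redacted, so
# "cami.example" is a constructed stand-in.
CLAIMS_FROM = re.compile(r"@cami\.example", re.I)
LEGIT_IP = re.compile(r"\[206\.252\.197\.\d+\]")  # network from the page's rule


def forged_cami_rcvd(raw, top_only=False):
    """Model of the meta rule FORGED_CAMI_RCVD.

    top_only=False: test every Received header joined together (assumed
    SpamAssassin behaviour for a repeated header).
    top_only=True: test only the newest (top-most) Received header.
    """
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    if top_only:
        received = received[:1]
    claims_from_cami = bool(CLAIMS_FROM.search(msg.get("From", "")))
    not_cami_ip = not LEGIT_IP.search("\n".join(received))
    return claims_from_cami and not_cami_ip


# Constructed messages (not real traffic).
# Legitimate mail: the CAMI relay appears one hop below the local MX.
LEGIT_VIA_RELAY = (
    "Received: from mx.local.example ([192.0.2.10]) by store.local.example\n"
    "Received: from out.cami.example ([206.252.197.25]) by mx.local.example\n"
    "From: alerts@cami.example\n"
    "Subject: constructed sample\n\nbody\n"
)
# Forgery: claims the same sender, but no hop is in the legit network.
FORGED = (
    "Received: from mx.local.example ([192.0.2.10]) by store.local.example\n"
    "Received: from unknown ([198.51.100.7]) by mx.local.example\n"
    "From: alerts@cami.example\n"
    "Subject: constructed sample\n\nbody\n"
)
# Unrelated sender: __CLAIMS_FROM_CAMI is false, so the meta never fires.
OTHER_SENDER = FORGED.replace("alerts@cami.example", "user@other.example")
```

If only the top header were tested, the legitimate message above would score as forged because its newest hop is an internal relay rather than the 206.252.197.x sender.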