Hi,

Based on SPAM-L posts from admins at Outblaze (Suresh) and rambler.ru, I
conjured up a few simple rules to detect forgeries from these domains:

header   RAA_FORGED_FROM_OUTBLAZE       Received =~ /\.mr\.outblaze\.com/
describe RAA_FORGED_FROM_OUTBLAZE       Received line forged to implicate Outblaze/Mail.com
score    RAA_FORGED_FROM_OUTBLAZE       3.0

header   RAA_FORGED_FROM_RAMBLER        Received =~ /imx[12]\.rambler\.ru/
describe RAA_FORGED_FROM_RAMBLER        Received line forged to implicate rambler.ru
score    RAA_FORGED_FROM_RAMBLER        3.0

Have fun,

-- Bob


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
