-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Matt Kettler writes: > At 12:38 PM 3/10/2005, Mikael Hakman wrote: > >However, in my previous comment, I didn't express myself precisely enough. > >I didn't mean "block" or "let through" rather "execute test and set > >specified score if the test turns true" so that the final decision what to > >do with the mail could be affected by the other tests. Very often you also > >want to do something else than the simple block or pass, such as repackage > >and mark, give the user a hint but let him decide. AFAIK this you cannot > >do in an SMTP server. You also want to gather together all spam related > >work in one place. > > That makes sense, and is a good application for SA. > > In any event, adding custom rules is pretty easy.. And if you're using SA > 3.0 this is very easy since SA pre-parses some of the Received: headers for > you into a fake header you can write header rules for.... > > header L_RELAY1 X-Spam-Relays-Untrusted =~ /\[1\.1\.1\.1\]/ > score L_RELAY1 -1.0 > describe L_RELAY1 Address 1.1.1.1 was a relay of this message. Actually, I was wrong in my previous response -- actually, this is vulnerable to spoofing by spammers. This one is better: header L_RELAY1 X-Spam-Relays-Untrusted =~ /^[^\]]+ ip=1\.1\.1\.1 / score L_RELAY1 -1.0 describe L_RELAY1 Address 1.1.1.1 was a relay of this message. (basically, it uses the preparsed version of the header, and ensures that it's the "first untrusted host". this is always unforgeable since it's added by a trusted relay.) - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFCMJCJMJF5cimLx9ARAhNdAKCXbRvTutLh6F4AdNrgZwUyHVxcMACgoVAe yWnsJUBMVzTg9i83BjQN9Pk= =P9uL -----END PGP SIGNATURE-----
