This is my rule for a case that has also been discussed in this list.
I wrote it two weeks ago, and it works so far.
This part goes into your local.cf:
header __F_DM1 eval:from_domains_mismatch()
header __F_DM2 From:addr =~ /\@(exception1|exception2)(\.[^\.]+)?\.it/
meta F_DM ( __F_DM1 && ! __F_DM2 )
describe F_DM From:name domain mismatches From:addr domain
priority F_DM -1
score F_DM 5.0
This part goes into HeaderEval.pm:
$self->register_eval_rule("from_domains_mismatch");
...
sub from_domains_mismatch {
my ($self, $pms) = @_;
my $temp;
$temp = $pms->get('From:addr');
$temp =~ /@(.+)/; my $fromAddrDomain; $fromAddrDomain = "$1";
$temp = $pms->get('From:name');
$temp =~ /@([^\@\"\s]+)/; my $fromNameDomain; $fromNameDomain = "$1";
dbg("from_domains_mismatch: fromNameDomain=$fromNameDomain,
fromAddrDomain=$fromAddrDomain");
if ( $fromNameDomain eq "" ) {
return 0; # all well
} else {
if( $fromNameDomain eq $fromAddrDomain ) {
return 0; # all well, they match
} else {
return 1; # mismatch, possibly spam
}
}
}
Note that some legitimate e-mail providers, who send e-mail on behalf of their
client, make the mistake of re-writing the From header, injecting their own
address in it. The "exception1|exception2" above is meant to mitigate this case
while they solve this problem.
R.G.
