On 01/22/2018 06:40 PM, Alex wrote:
Hi,

This part goes into the general HeaderEval.pm:

$self->register_eval_rule("from_domains_mismatch");
[...]

I'd like to try this, but this is not in the current 3.4.2 svn.


I am running this by manually patching the HeaderEval.pm and so far it's finding a lot of FPs in the short time it has been in place.

I know everyone's mail flow is different but I am not sure it's going to be useful as a spam indicator on its own for inclusion in the SA core distribution. It would need to be combined with commonly spoofed brands like Fedex, Dropbox, banks, etc. This would require someone to maintain a regex in the public SA rulesets that the spammers could easily get around.

I am trying to solve this spoofing problem by adding commonly spoofed and safe senders to the 60_whitelist_auth.cf as I find them and manually verify them. But this is only part of the equation that is subtracting points for authentic senders. The other side is safely adding points for those spoofing emails. Again, this may not work in the public SA rulesets since it's documentation for the spammers.

--
David Jones
