David Jones wrote:
One more thing. I have expanded my definition of FREEMAIL to any Google
and Office 365 senders like this:
header __RCVD_YAHOO Received =~ /\.yahoo\.com \[/
header __RCVD_HOTMAIL Received =~ /\.hotmail\.com \[/
header __RCVD_GOOGLE Received =~ /\.google\.com \[/
header __RCVD_OFFICE365 Received =~ /\.outbound\.protection\.outlook\.com \[/
[etc]
NOTE: The Received headers above are Postfix-style so you may have to
adjust the rule to fit your MTA's style or what you are trying to target.
Use the X-Spam-Relays-* metaheaders SA extracts to match against a
non-site-specific Received: chain. I pulled the examples below from the
local rules here:
header __RCVD_HOTMAIL X-Spam-Relays-External =~ /^[^\]]+ rdns=[\w.-]+\.(?:hotmail|outlook)\.com /
header __RCVD_GOOGLE X-Spam-Relays-External =~ /^[^\]]+ rdns=[\w.-]+\.google\.com /
header __HOST_YAHOO X-Spam-Relays-External =~ /^[^\]]+ rdns=[^ ]+\.yahoo\.com /
header __HOST_AOL X-Spam-Relays-External =~ /^[^\]]+ rdns=[^ ]+\.aol\.com /
(I really need to clean these up and probably put them in their own
file, too; I found overlapping definitions and as above, several naming
conventions.)
Note that Hotmail/Outlook.com are merged; for the record the mail flow
I've seen indicates that it's all one big cluster and the outbound mail
flows aren't segregated based on sender domain.
-kgd
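
Added example, not part of the original thread: a Python check of the four X-Spam-Relays-External patterns above against constructed relay strings, showing that the leading ^[^\]]+ confines each match to the first relay entry and that only rdns= is consulted, not helo=. The relay strings, hostnames and the relay() helper are assumptions made for illustration, and Python's re module stands in for SpamAssassin's Perl regex engine.

```python
import re

# The four rules from the message, with the wrapped lines rejoined.
RULES = {
    "__RCVD_HOTMAIL": r"^[^\]]+ rdns=[\w.-]+\.(?:hotmail|outlook)\.com ",
    "__RCVD_GOOGLE": r"^[^\]]+ rdns=[\w.-]+\.google\.com ",
    "__HOST_YAHOO": r"^[^\]]+ rdns=[^ ]+\.yahoo\.com ",
    "__HOST_AOL": r"^[^\]]+ rdns=[^ ]+\.aol\.com ",
}
ANCHOR = r"^[^\]]+"  # "from the start, without crossing the first closing bracket"


def relay(ip, rdns, helo):
    """Build one constructed relay entry in the metaheader's key=value layout."""
    return (f"[ ip={ip} rdns={rdns} helo={helo} by=mx.example.net "
            "ident= envfrom= intl=0 id=CONSTRUCTED auth= msa=0 ]")


def hits(relays_external):
    """Names of the rules that match the metaheader value as written."""
    return sorted(n for n, p in RULES.items() if re.search(p, relays_external))


def unanchored_hits(relays_external):
    """Same rules with the first-entry anchor removed, for comparison only."""
    return sorted(n for n, p in RULES.items()
                  if re.search(p.replace(ANCHOR, "", 1), relays_external))


# Constructed samples (documentation IP ranges, made-up hostnames).
DIRECT_GOOGLE = relay("192.0.2.10", "mail-x.google.com", "mail-x.google.com")
OUTLOOK = relay("192.0.2.20", "mail-abc.outbound.protection.outlook.com",
                "mail-abc.outbound.protection.outlook.com")
# Google appears only as an earlier hop; another host delivered to us.
FORWARDED = " ".join([
    relay("198.51.100.7", "relay.example.org", "relay.example.org"),
    relay("192.0.2.10", "mail-x.google.com", "mail-x.google.com"),
])
# The HELO string claims Google but the reverse DNS lookup does not.
HELO_ONLY = relay("203.0.113.5", "host.example.com", "mail.google.com")

if __name__ == "__main__":
    for name, value in [("direct", DIRECT_GOOGLE), ("outlook", OUTLOOK),
                        ("forwarded", FORWARDED), ("helo-only", HELO_ONLY)]:
        print(f"{name:10} anchored={hits(value)} "
              f"unanchored={unanchored_hits(value)}")
```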