On Thu, Feb 11, 2021 at 08:52:59AM -0500, Bill Cole wrote: > On 11 Feb 2021, at 7:00, Loren Wilton wrote: > > > I'm getting a lot of spams that all have a series of completely bogus > > Received headers in them. A characteristic of these headers is a > > rather improbable datestamp, considering today's date: > > > > Received: from 69-171-232-143.mail-mail.facebook.com > > ([69.171.232.143]) > > by oxsus1nmtai03p.internal.vadesecure.com with ngmta > > id 0574d1a8-1628c15907fbaba1; Thu, 06 Aug 2020 18:30:56 +0000 > > > > Note that this message must have been in flight for about a year and a > > half according to that header. > > Minor pedantry: Actually just a few days more than half a year. > > > Anyone know an easy way to check for a Received header date more than > > say a week old and add some points? > > There is a received_within_months() eval in the HeaderEval plugin which > someone wrote at some point but failed to suitably document or even use. > There are also private functions there (e.g. > _get_received_header_times()) which seem potentially useful but which > <sigh> are also undocumented. If you feel like being a pioneer, you > could try creating rules to make use of that code. > and if you want to become an hero patches to document those evals are always welcome ;-)
Giovanni
signature.asc
Description: PGP signature
