Hello Michael,
No. Which is fine, because there are usually no URIs in headers, and when
there are, they are likely to be standard List-* headers, which are unlikely
to be useful.
Dont agree with that. We see many usecases for header checks...
We see many spams with a from domain inside SURBL.
And we have been testing this on our corpus for over 18 months now.
You can obviously use 'full' or the 'all' pseudo-header and look for
specific domains, but identifying everything in the header that COULD be a
domain and just testing that against a DNSBL designed for domains found in
URIs could have very bad failure modes.
I think we passed that point some years ago tbh.
How about just say the from or received headers? Is there something
like check_rbl that would look up a domain name rather than an ip
address that I could look up the domain in that URIBL list?
I played with check_rbl() but this seems only to look up numeric ip
addresses.
You can test with:
header SURBL_MULTI_HDR
eval:check_hashbl_emails('multi.surbl.org', 'raw/max=10/shuffle/host',
'ALLFROM/Reply-To', '^127\.0\.0\.\d+$')
priority SURBL_MULTI_HDR -100
describe SURBL_MULTI_HDR Domain in email headers found in
surbl multi
And score accordingly.
You could also check off reply-to/the from and so on seperately.
Have fun± Raymond Dijkxhoorn - SURBL
