I am suddenly getting hammered by a BUNCH of spam that appears to be from
me. It scores low, and even though I keep feeding it to Bayes, it's still
not hitting the threshold to be marked as spam.
When I check the headers, it's coming from multiple random email servers,
but many appear to originate from hotmail/outlook.com. So from
outlook.com, through some unsecured email server, then to my server.

SA can't block this trash by itself, but if something post the SA invocation
can look at the headers you might be able to block it. You can certainly
mark it as spam.
For instance:

#
# Ok, catch 'from me' when it isn't
header __FROM_ME_1 From =~ /<me\@myhost\.(?:net|com)>/i
header __FROM_ME_2 From =~ /\"First Last\" <me\@myhost\.net>/
header __FROM_ME_3 From =~ /First Last <me\@myhost\.net>/
meta NOT_FROM_ME __FROM_ME_1 && !(__FROM_ME_2 || __FROM_ME_3)
score NOT_FROM_ME 10
describe NOT_FROM_ME Spammer faking the mail from me!

Mind the backslash on the quotes and at sign. Depending on versions of
things these are necessary, and don't hurt if they are not necessary.
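
Added example, not part of the original post: a small Python harness that evaluates the three header patterns and the NOT_FROM_ME meta as written above over constructed From values, so you can see which forms would score 10 before deploying the rule. Python's re module stands in for SpamAssassin's Perl regex engine (an assumption that holds for these simple patterns), and the function names and sample headers are made up for the illustration.

```python
import re

# Patterns copied from the rules in the post; re.I mirrors the /i flag.
FROM_ME_1 = re.compile(r'<me\@myhost\.(?:net|com)>', re.I)
FROM_ME_2 = re.compile(r'\"First Last\" <me\@myhost\.net>')
FROM_ME_3 = re.compile(r'First Last <me\@myhost\.net>')


def not_from_me(from_header):
    """Evaluate: __FROM_ME_1 && !(__FROM_ME_2 || __FROM_ME_3)."""
    m1 = bool(FROM_ME_1.search(from_header))
    m2 = bool(FROM_ME_2.search(from_header))
    m3 = bool(FROM_ME_3.search(from_header))
    return m1 and not (m2 or m3)


# Constructed From header values (not taken from real mail).
SAMPLES = [
    '"First Last" <me@myhost.net>',    # genuine form, quoted display name
    'First Last <me@myhost.net>',      # genuine form, unquoted display name
    '<me@myhost.net>',                 # forged: bare address in brackets
    '"me@myhost.net" <me@myhost.net>', # forged: address as display name
    'first last <ME@MYHOST.NET>',      # case differs from the exact forms
    '"First Last" <me@myhost.com>',    # .com matches rule 1 only
    'me@myhost.net',                   # no angle brackets at all
    'Someone Else <other@example.org>',
]


def evaluate(samples):
    """Return {header: True if NOT_FROM_ME would fire}."""
    return {h: not_from_me(h) for h in samples}


if __name__ == "__main__":
    for header, hit in evaluate(SAMPLES).items():
        print(f"{'HIT ' if hit else 'miss'}  {header}")
```

Two results are worth checking against your own mail flow: a From with no angle brackets never matches __FROM_ME_1, so it is not flagged, and any message using the .com address is flagged because the two exact-form rules only list .net.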