> On Jun 24, 2025, at 7:42 AM, Benoit Panizzon <benoit.paniz...@imp.ch> wrote:
>
> Hi Bill
>
>> Note that there are also subsets of Received headers with fields parsed
>> out that you can use, see `perldoc Mail::SpamAssassin::PerMsgStatus` for
>> a discussion of all of the available "pseudo-headers." There are
>> examples in existing rules.
>
> Oh, nice!
>
> Having a Look at:
>
> X-Spam-Relays-Trusted:
> X-Spam-Relays-Untrusted:
>
> which return a nice array of key=value rdns= being the one of interest
> to me :-)
>
> Mit freundlichen Grüssen
>
> -Benoît Panizzon-
In the case of an ISP or ASP having a large number of CIDRs, you might want to
block based on ASN (autonomous system number) instead, i.e.:
header __L_AS_DION eval:check_asn('/^AS2516\b/')
header __L_AS_IDC eval:check_asn('/^AS4694\b/')
header __L_AS_GMO eval:check_asn('/^AS58791\b/')
header __L_AS_GMO2 eval:check_asn('/^AS7506\b/')
header __L_AS_OCN eval:check_asn('/^AS4713\b/')
header __L_AS_SAKURA eval:check_asn('/^AS7684\b/')
meta L_BLOCK_JP_ASNS (__L_AS_DION || __L_AS_GMO || __L_AS_GMO2 ||
__L_AS_IDC || __L_AS_OCN || __L_AS_SAKURA)
describe L_BLOCK_JP_ASNS From spammy Japanese networks
score L_BLOCK_JP_ASNS 20.0
Blocking GMO and Sakura cut about 8% of my spam alone.
