On Sun, 8 Oct 2006, John Rudd wrote:

> Is there a way to have spam assassin look at the first received
> header only?

I assume you have a clear idea of what you mean by "first"? The Received header that *your* MTA is adding? The Received header that the outermost MTA you trust is adding?

> I want to check certain characteristics of the first received header
> (for the current relay), like whether or not it looks like a dynamic
> hostname, etc., and boost the score based on that. Can I do that with
> regular rules, or do I need to do that with a plug-in, or what? (or,
> has someone else already done that?)

Some of that is already done automatically by SA. That is why you define the trust path. But if that's not sufficient:

There is probably some static information in the desired Received header that you can key off, e.g. the "by {hostname}" part:

  header FNORD Received =~ /some_test.*(?:\bby\sfirst\.trusted\.host)/i

...where you'd vary the some_test part over multiple rules to check for different things in the header picked out by the constant first.trusted.host hostname part.

How robust this is will depend on how complex your mail relay chain is. If your trusted ISP has lots of exposed mail servers it may be difficult to do it this way.

'course, now somebody will chime in with a SA facility for doing this neatly that I'm not aware of, and make me look silly (again)... :)

Like: is there a pseudo-header available to rules that is the outermost Received header in the trust path? If not, then it might be a useful addition.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 The difference is that Unix has had thirty years of technical
 types demanding basic functionality of it. And the Macintosh has
 had fifteen years of interface fascist users shaping its progress.
 Windows has the hairpin turns of the Microsoft marketing machine
 and that's all.
                                                    -- Red Drag Diva
-----------------------------------------------------------------------
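An added example, not part of the original message and not SpamAssassin code: a Python sketch of the "key off the by-hostname" idea that goes one step further and evaluates only the topmost Received header stamped by the trusted host, because lower headers carrying the same "by" text may be sender-supplied. `first.trusted.host` is the placeholder from the message; the sample message, the other hostnames and the dynamic-hostname pattern are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: the last Received header stands in for a
# sender-supplied line that also claims "by first.trusted.host".
SAMPLE = """\
Received: from first.trusted.host (first.trusted.host [10.0.0.5])
\tby mailstore.internal.example with ESMTP id A1; Sun, 8 Oct 2006 10:00:03 -0700
Received: from 203-0-113-7.dsl.dynamic.isp.example ([203.0.113.7])
\tby first.trusted.host with ESMTP id B2; Sun, 8 Oct 2006 10:00:01 -0700
Received: from mail.bank.example ([192.0.2.1])
\tby first.trusted.host with ESMTP id C3; Sun, 8 Oct 2006 09:59:00 -0700
From: sender@isp.example
Subject: constructed test

body
"""

# "by <edge host>", not followed by more hostname characters.
BY_EDGE = re.compile(r"\bby\s+first\.trusted\.host(?![\w.-])", re.I)
FROM_HOST = re.compile(r"^from\s+(\S+)", re.I)
# Assumed heuristic: embedded IPv4 octets or common access-network labels.
DYNAMIC = re.compile(
    r"(?:\d{1,3}[-.]){3}\d{1,3}|\b(?:dsl|dyn(?:amic)?|dhcp|ppp|cable|pool)\b",
    re.I,
)

def received_headers(raw):
    """Return unfolded Received headers, newest (topmost) first."""
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]

def stamped_by_edge(raw):
    """Every Received header whose text says 'by first.trusted.host'."""
    return [h for h in received_headers(raw) if BY_EDGE.search(h)]

def edge_received(raw):
    """Topmost such header: MTAs prepend, so this is the edge host's own."""
    hits = stamped_by_edge(raw)
    return hits[0] if hits else None

def looks_dynamic(header):
    """Apply the dynamic-hostname test to the 'from' host of one header."""
    m = FROM_HOST.match(header)
    return bool(m and DYNAMIC.search(m.group(1)))

if __name__ == "__main__":
    edge = edge_received(SAMPLE)
    print(edge)
    print("dynamic-looking relay:", looks_dynamic(edge))
```
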