Hi,
recently i saw a lot of spam that didn't get catched by spamassassin.
All the messages have in common that the first received header ist forged.
Here an example:
Received: from 141.88.223.236 (HELO mx1.ihk.de)
by mydomain.at with esmtp (08E71A-P)@7X K0'+V)
id 76)4Y6-5>0O4:-+8
for [EMAIL PROTECTED]; Mon, 4 Dec 2006 01:20:50 +0180
From: "Annmarie Esposito" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
They use the recipient domain (virtual domain on our mailcluster)
as the servername in the received line.
Is there a way to write a custom rule for this scenario?
I have set trusted and internal_networks to our public mailserver subnet.
Thanks!
Alex Handle
