How do I write a rule that negatively scores emails "from" blackberry.com? In other words, where the reverse DNS of the IP address connecting to my mailserver matches the regex /.*blackberry\.com$/.
The obvious: Received =~ /.*blackberry\.com$/ doesn't work, because someone could "HELO blackberry.com" or spoof a blackberry.com received header somewhere in the message headers prior to the last hop. Is this a good place to use the X-Spam-Relays-Trusted: and X-Spam-Relays-Untrusted: pseudo-headers?

Reason I want to do this: by default, Blackberry sends text email MIME-encoded and its timezone is +0000. This means it gets dinged by the MIME_BASE64_TEXT rule AND the LW_STOCK_SPAM4 which is defined as:

    meta LW_STOCK_SPAM4 __RATWARE_0_TZ_DATE && MIME_BASE64_TEXT

I want to even things out by giving a negative score to cancel out those two positive scores. Has anyone else run into this issue and/or written a rule to compensate?

--
We're just a Bunch Of Regular Guys, a collective group that's trying to understand and assimilate technology. We feel that resistance to new ideas and technology is unwise and ultimately futile.
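
One way to write the rule asked about above, as an added example that is not part of the original post. The rule names __RCVD_RDNS_BLACKBERRY and BLACKBERRY_B64_TZ and the score value are assumptions. It also assumes trusted_networks is set correctly and that the receiving MTA records the connecting host's reverse DNS in its Received header.

```conf
# Added example (not from the original post).
#
# X-Spam-Relays-Untrusted is built by SpamAssassin from the Received
# headers, one bracketed entry per untrusted relay, newest first:
#   [ ip=... rdns=... helo=... by=... ident=... envfrom=... ]
# Anchoring at ^ and refusing to cross a "]" keeps the match inside the
# first entry, i.e. the host that handed the message to the trusted
# network. Forged Received lines further down and the HELO string are
# not consulted: only the rdns= field of that first entry is tested.
header   __RCVD_RDNS_BLACKBERRY  X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=(?:\S+\.)?blackberry\.com /i

# Fire only when the two rules named in the post actually hit, so the
# negative score cancels them and is not a general whitelist for the
# relay. __RATWARE_0_TZ_DATE and MIME_BASE64_TEXT are the sub-rules of
# LW_STOCK_SPAM4 quoted in the post.
meta     BLACKBERRY_B64_TZ  __RCVD_RDNS_BLACKBERRY && MIME_BASE64_TEXT && __RATWARE_0_TZ_DATE
describe BLACKBERRY_B64_TZ  Base64 text and +0000 date via relay with blackberry.com rDNS

# Placeholder value: set this to the negative of the combined local
# scores of MIME_BASE64_TEXT and LW_STOCK_SPAM4.
score    BLACKBERRY_B64_TZ  -1.0
```

Running spamassassin --lint after adding the rules, then spamassassin -D on a saved message, shows whether the rdns= field is populated for the first untrusted relay.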