Thanks for the votes for answer b)! >>b) Maybe I'd be better off with a few points (vs -100 from a whitelist) if >>the received_from ends blackberry. I could write a rule for that, and score >>say -4. > >Write a rule to score the message by -2 if it is received from *.blackberry.com > >Regards, >-sm
How's this? Too loose? header CRACKBERRY Received =~ /blackberry.com\b/i score CRACKBERRY -2 describe CRACKBERRY Blackberry loses a lot on BASE64 rules, even it out. Example header: Received: from smtp01.bis.na.blackberry.com [216.9.248.48] by mail.visioncomm.net with ESMTP (SMTPD32-13.5) id AC3534020148; Thu, 08 Feb 2007 10:05:25 -0500
