Thanks for the info Bret. What I've come up with is this:
header _FROM_DOMAIN From ~= /example\.com/i
header _SPF_TRUE /\bSPF_FAIL\b/
meta DOMAIN_SPF_TRUE (_FROM_DOMAIN&&_SPF_TRUE)
score DOMAIN_SPF_TRUE 10.0
Will this work?
Kinda, with few changes:
header __FROM_DOMAIN From ~= /\bexample\.com\b/i
header __SPF_TRUE ALL ~= /\bSPF_FAIL\b/
This will make sure you get example.com and not myexample.communists.
However, the From header is *really* easy to spoof, so this isn't much of a
check. You would probaly be better off looking for the host name in one of
the received headers.
You also need to give a target to the second header test. I used "ALL" to
search all of the headers for the string you want. However, if you know the
name of the header you are looking for, you could better do something like
header __SPF_CHECK SPF_FAIL:Exists
Assuming the header was named "SPF_FAIL"
Note also you want two leading underscores, not one, on those meta parts, so
the final line becomes:
meta DOMAIN_SPF_TRUE (__FROM_DOMAIN && __SPF_TRUE)
Loren
