Loren Wilton wrote:
Thanks for the info Bret. What I've come up with is this:
header _FROM_DOMAIN From ~= /example\.com/i
header _SPF_TRUE /\bSPF_FAIL\b/
meta DOMAIN_SPF_TRUE (_FROM_DOMAIN&&_SPF_TRUE)
score DOMAIN_SPF_TRUE 10.0
Will this work?
Kinda, with few changes:
header __FROM_DOMAIN From ~= /\bexample\.com\b/i
header __SPF_TRUE ALL ~= /\bSPF_FAIL\b/
This will make sure you get example.com and not myexample.communists.
However, the From header is *really* easy to spoof, so this isn't much
of a check. You would probaly be better off looking for the host name
in one of the received headers.
You also need to give a target to the second header test. I used
"ALL" to search all of the headers for the string you want. However,
if you know the name of the header you are looking for, you could
better do something like
header __SPF_CHECK SPF_FAIL:Exists
Assuming the header was named "SPF_FAIL"
Note also you want two leading underscores, not one, on those meta
parts, so the final line becomes:
meta DOMAIN_SPF_TRUE (__FROM_DOMAIN && __SPF_TRUE)
Loren
Hi Loren
Thank you very much. I'll give it a try. The final filter will then look
like this?
header __FROM_DOMAIN From ~= /\bexample\.com\b/i
header __SPF_TRUE ALL ~= /\bSPF_FAIL\b/
meta DOMAIN_SPF_TRUE (__FROM_DOMAIN&&__SPF_TRUE)
score DOMAIN_SPF_TRUE 10.0
Just a question though.. This whole process happens in Spamassassin...
Will there be a SPF_FAIL in the header already at the time of this
check?? I get the feeling there won't..
Regards
JvdW
