Paolo De Marco wrote:
> Hi,
> I can't understand the test DOS_OE_TO_MX.
> Can anyone tell me what this test does?
> Thanks
>

From reading the rule "code", it appears to detect if a message claiming to be generated by Outlook Express was delivered directly to your network by an outside host.

ie: there's only one host that doesn't match internal_networks (__DOS_SINGLE_EXT_RELAY) and the X-Mailer header says "Outlook Express" (__OE_MUA). There's some logic in there to avoid matching mailing lists.. but that's the general gist..
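
The check described in the reply above, as an added Python sketch that is not part of the original message and is not the rule's actual definition. The network range, the sample headers and the use of a List-Id header as the mailing-list exclusion are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Assumed stand-in for the internal_networks setting (documentation range).
INTERNAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def external_relays(msg):
    """Return 'from' IPs in Received headers that are outside INTERNAL_NETWORKS."""
    found = []
    for value in msg.get_all("Received", []):
        # Only look at the "from ..." part, not the receiving "by ..." host.
        m = BRACKETED_IP.search(re.split(r"\sby\s", value, maxsplit=1)[0])
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:  # e.g. [999.1.1.1] in a forged header
            continue
        if not any(ip in net for net in INTERNAL_NETWORKS):
            found.append(str(ip))
    return found

def looks_like_oe_to_mx(raw):
    msg = email.message_from_string(raw)
    single_ext = len(external_relays(msg)) == 1  # cf. __DOS_SINGLE_EXT_RELAY
    oe_mua = "outlook express" in (msg.get("X-Mailer") or "").lower()  # cf. __OE_MUA
    on_list = msg.get("List-Id") is not None  # assumed mailing-list exclusion
    return single_ext and oe_mua and not on_list

def build(*headers):
    """Assemble a minimal message from header lines (test helper)."""
    return "\n".join(headers) + "\n\ntest body\n"

# Constructed sample headers; newest hop first, as in a real message.
HOP_MX = "Received: from pc (unknown [203.0.113.7]) by mx.example.org with SMTP"
HOP_INTERNAL = "Received: from mx.example.org (mx.example.org [192.0.2.10]) by store.example.org with ESMTP"
HOP_ISP = "Received: from smtp.isp.example (smtp.isp.example [198.51.100.25]) by mx.example.org with ESMTP"
HOP_PC_TO_ISP = "Received: from pc (unknown [203.0.113.7]) by smtp.isp.example with SMTP"
OE = "X-Mailer: Microsoft Outlook Express 6.00.2900.2180"

DIRECT = build(HOP_INTERNAL, HOP_MX, OE)    # client talks straight to our MX
VIA_ISP = build(HOP_ISP, HOP_PC_TO_ISP, OE)  # normal path through an ISP relay
ON_LIST = build(HOP_INTERNAL, HOP_MX, OE, "List-Id: <users.lists.example.org>")

if __name__ == "__main__":
    for name in ("DIRECT", "VIA_ISP", "ON_LIST"):
        print(name, looks_like_oe_to_mx(globals()[name]))
```

Only DIRECT matches: a desktop mail client normally submits through its provider's relay, so a message with a single external hop and an Outlook Express X-Mailer is the pattern the reply describes.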