Hi,
I have a question, and possible feature request.
I just installed SpamAssassin on my mail server a couple of days ago.
I've been closely studying the messages that get by SA and are spam,
and I've noticed something.
Many of the messages that are spam that SA misses has return addresses
that have 'mx' in the host part of the address. Here are examples:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
I've had an email account on the Internet for 14 years, and I have
NEVER had to put anything like "mx5" in an email address. The only
thing I can think of that remotely resembles this is the old days of
Netcom when the addresses were all "ix.netcom.com". I suspect they
are including these "mx" subzone names because they are all valid
hosts in those domains (I checked with "dig", and they all return a
valid IP address).
What is needed is a rule that checks these return addresses and, if it
finds 'mx' as a subdomain, it gives it points. Regular expressions
are not my strong suit, but I think it would look something like this:
/[EMAIL PROTECTED]/
Hopefully everyone gets the jist.
It doesn't appear there's a rule like this currently. I'm wondering
if there is a way to add this type of rule?
Thanks,
Robert Case...
Arlyle Consulting
