Let me explain my problem and goal;
For instance, a spammer installs a smtp server and he has a tool to send his
mails. He writes [EMAIL PROTECTED] in from adress and He sends his mails using
his smtp server. Namely, he doesn't use gmail's servers. I want to give high
score for these sort of mails.
Now I have written a rule according to Jeff and Matus,
Thanks to both.
header __L_ML1 Precedence =~ m{\b(list|bulk)\b}i
header __L_ML2 exists:List-Id
header __L_ML3 exists:List-Post
header __L_ML4 exists:Mailing-List
header __L_HAS_SNDR exists:Sender
meta __L_VIA_ML (__L_ML1 || __L_ML2 || __L_ML3 || __L_ML4 ||
__L_HAS_SNDR)
header __L_FROM_GMAIL From:addr =~ [EMAIL PROTECTED]
meta L_UNVERIFIED_GMAIL (!DKIM_VERIFIED && __L_FROM_GMAIL &&
!__L_VIA_ML)
priority L_UNVERIFIED_GMAIL 500
score L_UNVERIFIED_GMAIL 2.5
meta UNVERIFIED_GMAILMISS (!DKIM_VERIFIED && DKIM_SIGNED &&
__L_FROM_GMAIL && !__L_VIA_ML)
priority UNVERIFIED_GMAILMISS 600
score UNVERIFIED_GMAILMISS 0.0
any advances ?
Yavuz Maslak a écrit :
Ok
I have started to use dkim verification. I defined whitelists in
local.cf. it works.
But I could not find how I give high score for a spammer who doesn't
use gmail's mail servers.
The link that I suggested in my previous post contains spamassassin rules.
Although a domain has domain keys, how can I give positive score for a
mail which comes from a fake smtp server ?
what is a "fake smtp server"? please explain your problem and goal
clearly. It would also help to post a sample spam on pastebin.com.
