Le 21/06/2009 12:04, Jeremy Morton a écrit :
OK, so I just got one of those www medsXX com spams, and even though it
hit my rule and got 2.0 added to it, it still didn't even get over 3
points. Looks like it was sent from quite a legit host. What rules do
other people get matching for this e-mail?
http://pastebin.com/m3b9629b6
To add to other suggestions, this also hits a useful meta rule I've been
trying recently (both the subrules are in standard SA 3.2.5):
meta RDNS_NONE_DIRECT_MX (__DOS_DIRECT_TO_MX && RDNS_NONE)
This may get an occasional FP from senders with poorly configured
servers (or temporary DNS problems), so don't score it too high.
John.
--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
