On Wed, 2010-03-10 at 13:37 -0600, Dennis B. Hopp wrote:

> Obviously we just have to tell the clients that they need to deal with
> the various e-mail providers, but is there an effective way that I can
> filter these messages out before my users see them without blacklisting
> the address?
>
There's nothing in SA that can blacklist a sending MTA, so blacklisting
can't happen unless you've added something to your MTA set-up that does
auto-blacklisting.

The question then comes down to marking the message as spam and dealing
with it however you normally deal with spam. You'll probably need custom
rule(s) to handle that. You say the message bodies are quite variable,
but I notice that the Reply-to: header doesn't remotely match the From:
header. Is this a common factor?

If it is, and the body texts have no common features that could also be
used, the only obvious approach would be a rule for each forged sending
domain that fires if the sending domain doesn't match the Reply-to
domain. 

Only you can know if these rules would cause false positives: I can't
possibly tell from a single sample message.


Martin
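
A dry run of the From:/Reply-To: domain comparison suggested above, added here as an illustration; it is not part of the original message and is not SpamAssassin code. It reports which messages a per-domain mismatch rule would hit, including a legitimate one, so false positives can be judged before any rule is deployed. The domain names, `PROTECTED_DOMAINS` and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your clients own and that show up forged in From:.
PROTECTED_DOMAINS = {"client.example"}

def addr_domain(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    if not header_value:
        return None
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()

def would_fire(raw_message, protected=PROTECTED_DOMAINS):
    """True if From: is a protected domain and Reply-To: points elsewhere."""
    msg = message_from_string(raw_message)
    from_dom = addr_domain(msg.get("From"))
    reply_dom = addr_domain(msg.get("Reply-To"))
    if from_dom not in protected:
        return False  # one rule per forged domain; other senders are out of scope
    if reply_dom is None:
        return False  # no usable Reply-To: header, nothing to compare
    return reply_dom != from_dom

def dry_run(messages):
    """Return the labels of the messages the rule would hit."""
    return [label for label, raw in messages if would_fire(raw)]

# Constructed sample messages (not taken from the thread).
SAMPLES = [
    ("forged", "From: Billing <billing@client.example>\n"
               "Reply-To: x@freemail.example\nSubject: a\n\nbody\n"),
    ("genuine", "From: billing@client.example\n"
                "Reply-To: Billing <support@CLIENT.example>\nSubject: b\n\nbody\n"),
    ("no-reply-to", "From: billing@client.example\nSubject: c\n\nbody\n"),
    # Legitimate mail whose replies go to a third-party helpdesk: a false positive.
    ("helpdesk", "From: billing@client.example\n"
                 "Reply-To: tickets@helpdesk.example\nSubject: d\n\nbody\n"),
    ("other-sender", "From: a@other.example\n"
                     "Reply-To: b@else.example\nSubject: e\n\nbody\n"),
]

if __name__ == "__main__":
    print(dry_run(SAMPLES))
```

Run over a sample of known-good mail from the affected domains, the same check shows how often a legitimate Reply-To: points at another domain.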
 

