Hi,

> I've noticed a few emails get let into our organization every day that are sent
> from a free email account such as Yahoo and Gmail. When I do an rDNS lookup
> of the IP, it points back to a real server (not a spam server).
>
> Here's an example of one that just got let in:
> Mar 31 12:05:34 mailgate2 spamd[14709]: spamd: processing message
> <39701.814...@web36505.mail.mud.yahoo.com> for apache:48

That's a Yahoo message ID, but did it in fact come from Yahoo?

> Mar 31 12:05:38 mailgate2 spamd[14709]: spamd: result: . 0 -
> DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,T_RP_MATCHES_RCVD

Where did you get that T_RP_MATCHES_RCVD rule and what does it do? Is it something you wrote to match on a yahoo.com sender?

I've put together a few rules that match on freemail domains with particular contents (typically a URI) in the body for instances just such as this.

If you're really having trouble, post a message to pastebin.com and a message to the list here with that link, so we can help further.

Best,
Alex