Hi,

In the last few days some spam messages have been able to elude the filters I use. Upon checking the headers, they seem to be following the same pattern. I left only a few headers to exemplify:

-----
Received: from localhost (localhost [127.0.0.1]) by mx.company.com (Postfix) with ESMTP id 8BCA320EC86 for <mym...@company.com>;
Received: from blu0-omc2-s12.blu0.hotmail.com (blu0-omc2-s12.blu0.hotmail.com [65.55.111.87]) by mx.company.com (Postfix) with ESMTP id 75B9D20D6C3 for <mym...@company.com>;
X-Originating-IP: [189.158.116.140]
From: Romain Lenoir <romd...@hotmail.fr>
To: <somefakem...@somedomain.com>
Subject: re: I just earned $31 in a few hours at home on the computer! I went to - Business Week Journal* You will thank me
-----

* this is a <a href=virus_link>Business Week Journal</a> link

My question is: shouldn't there be a rule to verify that the mail specified at "To:" header actually corresponds to the one at "Received: [...] for <>"? This would be a very effective spam catching rule.

I am using /SpamAssassin version 3.2.3 running on Perl version 5.8.8/ invoked with /amavisd-new-2.5.4 (20080312)/, on Slackware 12.0.0.

Thank you,
Alex F.
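
The comparison asked about above, as an added example that is not part of the original post and is not SpamAssassin code: it extracts the `for <addr>` clause from each `Received:` header and checks whether any of those envelope recipients appears in `To:` or `Cc:`. The sample message, its addresses and the function names are constructed for illustration; Bcc and mailing-list deliveries also produce a mismatch, so the result suits scoring rather than outright rejection.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the headers in the post; all addresses are placeholders.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby mx.example.com (Postfix) with ESMTP id 8BCA320EC86
\tfor <alice@example.com>; Tue, 1 Jan 2008 10:00:01 +0000
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.com (Postfix) with ESMTP id 75B9D20D6C3
\tfor <alice@example.com>; Tue, 1 Jan 2008 10:00:00 +0000
From: Sender <sender@example.net>
To: <someone-else@example.org>
Subject: re: test

body
"""

# Matches the "for <user@domain>" clause a receiving MTA may record.
FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.IGNORECASE)

def envelope_recipients(msg):
    """Addresses taken from the 'for <addr>' clause of each Received header."""
    rcpts = set()
    for hdr in msg.get_all("Received", []):
        unfolded = " ".join(hdr.split())  # undo header folding
        m = FOR_RE.search(unfolded)
        if m:
            rcpts.add(m.group(1).lower())
    return rcpts

def visible_recipients(msg):
    """Addresses the sender chose to display in To and Cc."""
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(hdrs) if addr}

def recipient_mismatch(raw):
    """True if no envelope recipient is listed in To/Cc, False if one is,
    None if no Received header carries a 'for' clause to compare against."""
    msg = message_from_string(raw)
    env = envelope_recipients(msg)
    if not env:
        return None
    return env.isdisjoint(visible_recipients(msg))

if __name__ == "__main__":
    print("mismatch:", recipient_mismatch(SAMPLE))
```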