On Thu, 19 May 2011 08:15:00 +0200 John Wilcock <j...@tradoc.fr> wrote:
> Le 19/05/2011 04:46, John Hardin a écrit : > > Sure. Well, not a _single_ rule, but you can achieve what you > > want... > > header RELAYCOUNTRY_GOOD X-Relay-Countries=~/(?:US|CA|FR)/ > > describe RELAYCOUNTRY_GOOD Relayed through trusted country > > score RELAYCOUNTRY_GOOD -1.00 > > That could be simplified: > > header __RELAYCOUNTRY_GOOD X-Relay-Countries=~/(?:US|CA|FR)/ > meta RELAYCOUNTRY_NOTGOOD __HAS_RCVD && !RELAYCOUNTRY_GOOD > > [except of course that you might find some legit French senders, for > example, relaying via servers elsewhere in Europe, so the list of > "good" countries might need to be a bit longer than you initially > think] This isn't an optimal approach. Received headers can be forged, and spammers sometimes send spam from foreign ip addresses through western mail accounts. A bad result is when the email passes through a "bad" country. A good result is when the email passes *only* through "good" countries. e.g. I use: header __RELAYCOUNTRY_SENSIBLE X-Relay-Countries =~ /^([^[:alpha:]]*(GB|US)[^[:alpha:]]*)+$/
