On 8/13/2013 5:25 PM, David F. Skoll wrote:
Hi,
I'm seeing a fair bit of spam from the null return path. That is,
MAIL From:<> (or in the headers, Return-Path: <>). A lot of this
spam lacks any MIME headers (MIME-Version:, Content-Type:)
I've experimented with a rule that adds points in this situation; most
legitimate DSNs have a MIME-Version: header.
So would anyone care to test this:
meta DSN_NO_MIMEVERSION (__BOUNCE_RPATH_NULL && !__MIME_VERSION)
describe DSN_NO_MIMEVERSION Return-Path <> and no MIME-Version: header
score DSN_NO_MIMEVERSION 2
The rules __BOUNCE_RPATH_NULL and __MIME_VERSION come from
20_vbounce.cf and 20_head_tests.cf respectively and look like this:
header __BOUNCE_RPATH_NULL Return-Path =~ /<>/
header __MIME_VERSION exists:MIME-Version
I've thrown it in my sandbox and committed. I don't really pay
attention to null-path emails as they all go into a postmaster file for
me but we can see how it does in rulesqa. It might need to be manually
promoted based on feedback but anything you've seen with good results is
enough for me to +1.
regards,
KAM
