On 08/13/2013 11:25 PM, David F. Skoll wrote:
Hi,
I'm seeing a fair bit of spam from the null return path. That is,
MAIL From:<> (or in the headers, Return-Path: <>). A lot of this
spam lacks any MIME headers (MIME-Version:, Content-Type:)
I've experimented with a rule that adds points in this situation; most
legitimate DSNs have a MIME-Version: header.
So would anyone care to test this:
meta DSN_NO_MIMEVERSION (__BOUNCE_RPATH_NULL && !__MIME_VERSION)
describe DSN_NO_MIMEVERSION Return-Path <> and no MIME-Version: header
score DSN_NO_MIMEVERSION 2
The rules __BOUNCE_RPATH_NULL and __MIME_VERSION come from
20_vbounce.cf and 20_head_tests.cf respectively and look like this:
header __BOUNCE_RPATH_NULL Return-Path =~ /<>/
header __MIME_VERSION exists:MIME-Version
isn't Return-Path added my MDA? seems to me this rule will only work on
systems which run SA after delivery, and not in "gateway mode".
