On Mon, 13 Apr 2015, Shane Williams wrote:
Somewhat related questions:
1. If I alter a rule's score to 0 locally, my understanding is that
the rule won't even be tested for. Does that also mean it won't count
toward meta-rules?
That depends on how it's used in the meta rule. If it's used as an
exclusion, setting it to always false won't suppress the meta.
Also: setting the score of a meta to zero won't suppress evaluation of its
component rules.
2. Is there a way to create a local rule that uses the DKIM/SPF
information such that I could match to other headers. In particular,
I'm looking to either prevent (or at least counteract) the
"HEADER_FROM_DIFFERENT_DOMAINS" rule when a mailing list is
involved. So what I'm looking for is a way to test SPF/DKIM against
the mailing list origination point rather than the sender's. Or
perhaps I'm missing some smarter way to deal with these situations.
Simple subrules combined in a neta having a negative score. There are
already subrules for detecting mailing list headers and for detecting an
invalid DKIM signature. Write a meta that combines those, and give it
enough negative points to offset the positive score.
Note, however, that mailing list headers are easy for spammers to forge.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
I'm seriously considering getting one of those bright-orange prison
overalls and stencilling PASSENGER on the back. Along with the paper
slippers, I ought to be able to walk right through security.
-- Brian Kantor in a.s.r
-----------------------------------------------------------------------
Today: Thomas Jefferson's 272nd Birthday
