Hi, I've been receiving tons of messages not being tagged by spamassassin on one host, despite it hitting bayes999, and wanted to see if there was something that could be done.
http://pastebin.com/vxrUdEvy As of right now, 23.246.233.6 isn't listed on zen or any other popular RBL, and there doesn't appear to be anything standing out in the header that could be used. I realize I could write some body rules (this is what I miss most about SOUGHT), but as you know it's often too late to catch such a moving target. I'm finding very large blocks of IPs are typically involved with these campaigns. I have dozens of these that get through before they are blacklisted and would like a more general or broad solution. They typically hit at least bayes80 with sa-3.4.1. Are there any routines out there that can extract the last-external IP and either store it in a file or otherwise make it available to be added to a check_client_access map? Thanks, Alex
