-----Original Message----- From: John Hardin [mailto:jhar...@impsec.org] Sent: 03 November 2015 17:18 To: users@spamassassin.apache.org Subject: RE: New rules..
On Tue, 3 Nov 2015, Richard Mealing wrote: > So I'm looking for something that would block this - > > fastnet.co.uk.12056010.bob.jones885@vmta27.toprea... > > I was thinking of just creating a rule to sort this out with something > like - ^fastnet\.co\.uk.\d+..*@ > > header FROM_IS_FAKE_FASTNET From =~ /^fastnet\.co\.uk.\d+..*@/i > score FROM_IS_FAKE_FASTNET 1.0 > describe FROM_IS_FAKE_FASTNET from contains fastnet.co.uk_something_@ > > But I wondered if there was a better way to do it. Would this work do > you think? Obviously this would only catch the items on my own domain, > so it's not a brilliant solution. I was wondering if anyone wrote > something better. So, to generalize the pattern: *your* (the recipient) domain is (somewhere) in the username part of the From email address? Hi John - Yup! >From address is - fastnet.co.uk.12056010.bob.jones885@vmta27.toprea... It's not actually that, but similar. We are seeing this quite a bit and I wondered if anyone else was. I guess not? Thanks, Rich
