-----Original Message----- > From: Damrose, Mark > After a couple of false starts with false positives, here's > the rules that seem to be working > > header __ECC_FORGED_SMTPGATE3_RCVD1 Received =~ > /(?<!via\ssmtpd\s\(for\s)smtpgate3\.elgin\.edu\s(?!\(MIMEDefan > g\)\swith\ > sESMTP)/ > header __ECC_FORGED_SMTPGATE3_RCVD2 Received =~ > /by\ssmtpgate3.elgin.edu\swith\sesmtp/ > meta ECC_FORGED_SMTPGATE3_RCVD __ECC_FORGED_SMTPGATE3_RCVD1 || > __ECC_FORGED_SMTPGATE3_RCVD2
Doh! One more false positive to add... Mail from an internal mail server that passes outbound to a list and comes back. The real sendmail Received header is not exactly the same as the one MD adds. I added a rule that matched the internal host (sorry, not posting the details here) and changed the meta rule to: meta ECC_FORGED_SMTPGATE3_RCVD ( __ECC_FORGED_SMTPGATE3_RCVD1 || __ECC_FORGED_SMTPGATE3_RCVD2 ) && ! __ECC_VALID_EXCHANGE _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang