I want to write a rule that will allow me to test blacklist domain candidates. This is what I was thinking of:
header __BL_CAND ??mailfrom?? ~= /testbl\.com/i header __BL_CAND2 ??mailfrom?? ~= /testbl2\.com/i meta BL_CAND (__BL_CAND || __BL_CAND2) score BL_CAND 1.0 I then have a post-Spamassassin process which scans for emails that match the BL_CAND rule and copies them to a location where I can make sure I'm not being too aggressive. 2 questions: 1) Is this reasonable or is there a better way to accomplish this? 2) I cannot for the life of me figure out how to access the mail from: header. I want to be able to match the domain from the mail from:<[EMAIL PROTECTED]> line. Ted Kumsher
