ALL_TRUSTED should fire if msg is only transported via trusted hosts, so you can do && !ALL_TRUSTED But would it not be better to not accept such messages in first place and reject them on your border mta?
Am 27.11.2017 um 13:57 schrieb Ralf Hildebrandt: > How can I distinguish my internal networks from the evil internet in a > spamassassin rule? > > I want to give messages coming from "not mynetworks" but using my > domain in the From: header some additional points: > > header MY_FROM From =~ /charite.de/i > describe MY_FROM Sender is from charite.de > > # Now you create a rule to combine them: > meta MY_FROM_FROM_OUTSIDE MY_FROM && HOW_DO_I_QUERY_TRUSTED_NETWORKS > describe MY_FROM_FROM_OUTSIDE Sender is from my domain, but comes from the > outside > score MY_FROM_FROM_OUTSIDE 1.0 > >