On Mon, 22 Jan 2018, Chip wrote:
I might be wrong here understand I'm still learning, but the purpose of
the filter, from what I've been able to grasp, is that it checksĀ the
From:addr and From:name values in SA to find
their domain and triggering a rule hit if there is a domain in the
From:name that doesn't match the domain in the From:addr.
In the example I sent From: (as in From:name) contains the domain
"gmail.com" - blabla...@gmail.com
From:addr contains "bounces.em.secureserver.net"
"From:addr" is *not* the envelope from address. It is the non-comment part
of the message From: header.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
USMC Rules of Gunfighting #20: The faster you finish the fight,
the less shot you will get.
-----------------------------------------------------------------------
Tomorrow: John Moses Browning's 163rd Birthday