I would like to use the AskDNS plugin to query a private DBL that I can populate/manage. The idea is to subtract a few points for inbound O365 domains that have been seen before in an effort to help block compromised O365 accounts from domains that have never been seen before.
Ideally a new tag would be created when the last external relay is an outbound.protection.microsoft.com host and the X-Originating-Org header value (which should match the EnvelopeFrom domain) is used to make a new tag like _O365ORG_ for a simple rule like this: ifplugin Mail::SpamAssassin::Plugin::AskDNS askdns O365_ORG_SEEN_BEFORE _O365ORG_.o365seen.example.com A /^127\.\d+\.\d+\.2$/ score O365_ORG_SEEN_BEFORE -2.0 endif BTW, how can I find a list of all existing tags available for use? I tried a number of greps and Google searches with no luck. Thanks, Dave