On 7/14/23 23:59, Loren Wilton wrote:
I am suddenly getting hammered by a BUNCH of spam that appears to be
from me. It scores low, and even though I keep feeding it to Bayes,
it's still not hitting the threshold to be marked as spam.
When I check the headers, it's coming from multiple random email
servers, but many appear to originate from hotmail/outlook.com. So
from outlook.com, through some unsecured email server, then to my
server.
SA can't block this trash by itself, but if something post the SA
invocation can look at the headers you might be able to block it. You
can certainly mark it as spam.
For instance:
#
# Ok, catch 'from me' when it isn't
header __FROM_ME_1 From =~ /<me\@myhost\.(?:net|com)>/i
header __FROM_ME_2 From =~ /\"First Last\" <me\@myhost\.net>/
header __FROM_ME_3 From =~ /First Last <me\@myhost\.net>/
meta NOT_FROM_ME __FROM_ME_1 && !(__FROM_ME_2 || __FROM_ME_3)
score NOT_FROM_ME 10
describe NOT_FROM_ME Spammer faking the mail from me!
Mind the backslash on the quotes and at sign. Depending on versions of
things these are necessary, and don't hurt if they are not necessary.
Forgive my ignorance, I haven't really played with custom rules before.
Are the entries like /<me\@myhost\.(?:net|com)>/i meant to edited for my
actual email address and domain, or does "me" and "@myhost" get expanded
somehow? I actually use sendmail for bunch of domains on my mail
servers, and I want to make sure this will work for all those domains.
I assume this just needs to go in /etc/mail/spamassassin/local.cf,
right? Or do I need to do separate stanzas for each domain?
Thomas
