Bret Miller wrote:
Thanks for the info Bret. What I've come up with is this:header _FROM_DOMAIN From ~= /example\.com/i header _SPF_TRUE /\bSPF_FAIL\b/ meta DOMAIN_SPF_TRUE (_FROM_DOMAIN&&_SPF_TRUE) score DOMAIN_SPF_TRUE 10.0Will this work?Kinda, with few changes:header __FROM_DOMAIN From ~= /\bexample\.com\b/i header __SPF_TRUE ALL ~= /\bSPF_FAIL\b/ This will make sure you get example.com and notmyexample.communists.However, the From header is *really* easy to spoof, so thisisn't muchof a check. You would probaly be better off looking forthe host namein one of the received headers. You also need to give a target to the second header test. I used "ALL" to search all of the headers for the string you want.However,if you know the name of the header you are looking for, you could better do something like header __SPF_CHECK SPF_FAIL:Exists Assuming the header was named "SPF_FAIL" Note also you want two leading underscores, not one, on those meta parts, so the final line becomes: meta DOMAIN_SPF_TRUE (__FROM_DOMAIN && __SPF_TRUE) LorenHi Loren Thank you very much. I'll give it a try. The final filter will then look like this? header __FROM_DOMAIN From ~= /\bexample\.com\b/i header __SPF_TRUE ALL ~= /\bSPF_FAIL\b/ meta DOMAIN_SPF_TRUE (__FROM_DOMAIN&&__SPF_TRUE) score DOMAIN_SPF_TRUE 10.0 Just a question though.. This whole process happens in Spamassassin... Will there be a SPF_FAIL in the header already at the time of this check?? I get the feeling there won't..If the SPF test is happening in SA anyway, then you can reduce this to two rules: header __FROM_DOMAIN From ~= /\bexample\.com\b/i meta DOMAIN_SPF_TRUE (__FROM_DOMAIN&&SPF_FAIL) score DOMAIN_SPF_TRUE 10.0 The rule works 100%. Had to tweak it a bit and clean out some syntax errors, but it works. :)SPF_FAIL is part of the standard rule set in 25_spf.cf. No sense in checking the condition twice. Bret header __DOMAIN_FROM From =~ /\bexample\.com\b/i meta DOMAIN_SPF_TRUE (__DOMAIN_FROM && (SPF_SOFTFAIL || SPF_FAIL)) score DOMAIN_SPF_TRUE 5.0 Thanks for all the help . Regards JvdW |