I hope this is not a FAQ... Is it possible to write some rules, get their results and examinate these results in other rules?
Two examples (I used round brackets for correct display): 1.) Phishing: (a href="DANGEROUS_LINK")LINK_OF_YOUR_BANK(/a) rule 1 grabs DANGEROUS_LINK and LINK_OF_YOUR_BANK rule 2 compares the results whether both have the same domain, if not --> seems to be phishing, give some spam points 2.) Contact spam / Nigeria rule 1 grabs the sender address in the header rule 2 grabs a contact address in the body "Please email me at ..." rule 3 compares the results whether both have the same domain, if not --> give some spam points So - is this possible or would I have to write a plugin for this? Paul Lenz