Hi, ALL_TRUSTED is a bit odd. If you you look back through the debug, it > has identified untrusted relays: > > [11689] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=194.230.33.137 > rdns=mx.xm-rz.net helo=mail.xm-rz.net by=myhost.mydomain.com ident= > envfrom= intl=0 id=B94C2118004 auth= msa=0 ] [ ip=62.2.104.4 rdns=
Yes, after noticing xm-rz and t-p.com in 'Received:' headers on several of these, I've since added a header rule to add points for those relays. Is this the proper way to do it? header LOCAL_RECVD_TP Received =~ /.\.t-p\.com/ score LOCAL_RECVD_TP 3.6 describe LOCAL_RECVD_TP Recvd from botnet Thanks, Alex