I'm seeing a lot of blowback from Russian servers due to my domain users being joe-jobbed. I'm writing a rule to check (among other things) the From: address. I'm a bit confused about what to actually put in there though. Since they're NDRs they'll have a null sender. So should I use <> (or more likely \<\>)?
Looking at the messages in MailWatch for MailScanner, it shows the From as <g>. Using Midnight Commander to look at the quarantined messages I see <.g>. The dot w/in the brackets is 0x81, followed by 0x67 (lowercase g). So when SpamAssassin actually looks at the message, what will really be there? I.e., what will trigger the rule?

Thanks...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500