On Mon, 26 Oct 2015, Shane Williams wrote:

I've created a header rule with "Received =~ /blahblahblah/", and I
just got a false positive on it when none of the Received headers in
the mail actually match.  I had a similar situation last week, and
(I think) found in the SA code where it will treat ezmlm headers as
if they were Received headers (which explained why it hit).

Is there anywhere, other than the code, where I can see what all
headers might be checked as part of a "Received =~" rule?

Try adding this to your testbed ruleset:

header  __ALL_RECEIVED  Received =~ /.*/
tflags  __ALL_RECEIVED  multiple



--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
-----------------------------------------------------------------------
 5 days until Halloween
