Hi,
First, I'm wondering why parking.ru isn't among the freemail domains?
Perhaps it should be added?
Received: from mail05.parking.ru (mail05.parking.ru [195.128.120.25])
by mail02.example.com (Postfix) with ESMTP id 6ED82347D26
for <pa...@example.com>; Wed, 23 Mar 2016 17:42:50 -0400 (EDT)
I'm reading through the FREEMAIL_* rules, and wondered, how can I
build a rule that looks to see if email was passed through a freemail
domain?
I realize there's FREEMAIL_FROM, etc. I'm interested in something like
FREEMAIL_RECVD or something similar.
We're experiencing a higher than normal level of spoofing attempts,
and don't have the ability to implement DKIM/DMARC at the moment. SPF
is being worked on.
Having knowledge that a freemail sender was used in a spoof/phish
attempt I believe would be helpful.
Thanks,
Alex
