On 03/10/16 10:14, Nicola Piazzi wrote:
# DHL
header __AF_DHL_FROM From =~ /([^a-zA-Z0-9]|^)dhl([^a-zA-Z0-9]|\b)/i
header __AF_DHL_DOMAIN From =~ /\@dhl.com(>|\b)/i
meta AF_VALID_DHL (SPF_PASS || MXPF_PASS || DKIM_VALID_AU) &&
__AF_DHL_DOMAIN
describe AF_VALID_DHL Valid dhl Sender
score AF_VALID_DHL -1.00
meta AF_ABUSED_DHL __AF_DHL_FROM && !AF_VALID_DHL
describe AF_ABUSED_DHL Probably Abused dhl Sender Name
score AF_ABUSED_DHL 1.00
An email sent with a valid SPF for a different domain than dhl.com would hit
AF_VALID_DHL in this example...
A better way to validate the emails would be
---8<---
whitelist_auth *@dhl.com
---8<---
And to catch the potential abuse
---8<---
adsp_override dhl.com custom_med
---8<---
I'm part way through raising a bug request with a feature improvement which
might help towards this too, watch this space
Paul --
Paul Stead
Systems Engineer
Zen Internet