Reject mails with two different mail addresses in From Header
Nikolaos Milas
nmilas at noa.gr
Sat Mar 12 17:21:40 CET 2022
On 12/3/2022 1:34 π.μ., Nikolaos Milas wrote:
> ...
> Also, what should I do to catch (and score) ALL mails with 2 different
> mail addresses in the From header (regardless whether there is an
> encrypted zip attachment or not)?
> ...
Hi Matus,
Regarding the above, I understand I could probably simply raise the
score for the PDS_FROM_2_EMAILS rule in /etc/mail/spamassassin/local.cf,
like:
score PDS_FROM_2_EMAILS 4.0
However, it strikes me that incoming mail like the one I originally
referred to, with a header field like:
From: "<John Doe> john_doe at example.com" <afom-seminyak at grandmashotels.com>
does NOT mention any scoring by this rule:
X-Spam-Status: Yes, score=4.693 tagged_above=-999 required=3.4
tests=[BAYES_50=0.8, DATE_IN_FUTURE_12_24=3.199, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MISSING_MID=0.497,
RCVD_IN_MSPIKE_H2=-0.4, RDNS_NONE=0.793, SPF_HELO_NONE=0.001,
SPF_PASS=-0.1, TVD_SPACE_RATIO=0.001, URIBL_BLOCKED=0.001]
autolearn=disabled
Questions:
1. How can I check if this or any other rule is active and which is its
current score?
2. Could the PDS_FROM_2_EMAILS be triggered only when the From field
contains ONLY two different mail addresses and nothing else? I only
found in my quarantine two mails scored with this rule, and they both
contained nothing else than two addresses in the From field, whereas the
usual case is like the example I wrote above, i.e. there is a name as
well. If this is so, how can we write a rule that would catch all other
mails which contain "anything plus two different mail addresses"?
Thanks,
Nick
More information about the amavis-users
mailing list