|Main Archive Page > Month Archives > spamassassin-users archives|
On 14/01/11 21:04, Warren Togami Jr. wrote:
> Anyone else have effective local rules? Please let me know and I'll put
> them into the nightly masscheck for testing.
header NSL_RCVD_HELO_USER Received =~ /helo[= ]user\)/i
describe NSL_RCVD_HELO_USER Received from HELO User
Might want to combine into a meta rule with existing NSL_RCVD_FROM_USER
header NSL_RCVD_FROM_USER Received =~ /from User [\[\(]/
describe NSL_RCVD_FROM_USER Received from User
The above are particularly effective (here) against 419 / bank phish
type emails sent from compromised webmail accounts. Hit rate is not
great, but the FP count is near zero.