Problem with spam with different Received for and To in headers [SOLVED]

Discussion in 'ISPConfig 3 Priority Support' started by SupuS, Oct 11, 2017.

  1. SupuS

    SupuS Member HowtoForge Supporter

    Hello,
    I am fighting spam with predictable headers, but I am not able to block it with a SpamAssassin rule. Here is an example header of an email from the spammer:
    Code:
    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: from localhost (localhost.localdomain [127.0.0.1])
        by mx1.server.ltd (Postfix) with ESMTP id DBECF51C3B9
        for <[email protected]>; Wed, 11 Oct 2017 04:30:47 +0200 (CEST)
    X-Virus-Scanned: Debian amavisd-new at mx1.server.ltd
    X-Spam-Flag: NO
    X-Spam-Score: 2.831
    X-Spam-Level: **
    X-Spam-Status: No, score=2.831 tagged_above=1 required=4.5
        tests=[HTML_IMAGE_ONLY_04=0.342, HTML_MESSAGE=0.001,
        HTML_SHORT_LINK_IMG_1=0.139, MPART_ALT_DIFF=0.724,
        SUBJ_ALL_CAPS=1.625] autolearn=disabled
    Received: from mx1.server.ltd ([127.0.0.1])
        by localhost (mx1.server.ltd [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id jyq13G-l7AmT for <[email protected]>;
        Wed, 11 Oct 2017 04:30:47 +0200 (CEST)
    Received: from mx2.server.ltd (mx2.server.ltd [12.34.56.78])
        by mx1.server.ltd (Postfix) with ESMTPS id 6FE5D51C3B8
        for <[email protected]>; Wed, 11 Oct 2017 04:30:47 +0200 (CEST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
        by mx2.server.ltd (Postfix) with ESMTP id F23891010821
        for <[email protected]>; Wed, 11 Oct 2017 04:30:46 +0200 (CEST)
    X-Virus-Scanned: Debian amavisd-new at mx2.server.ltd
    Received: from mx2.server.ltd ([127.0.0.1])
        by localhost (mx2.server.ltd [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id oCaT4eGu1Eb0 for <[email protected]>;
        Wed, 11 Oct 2017 04:30:46 +0200 (CEST)
    Received: from mail.alfahost.co.ua (mail.alfahost.co.ua [85.25.159.68])
        by mx2.server.ltd (Postfix) with ESMTP id A92AD10107E2
        for <[email protected]>; Wed, 11 Oct 2017 04:30:46 +0200 (CEST)
    Received: from alfahost.co.ua (mail.alfahost.co.ua [85.25.159.68])
        by mail.alfahost.co.ua (Postfix) with ESMTPA id 1143ABC1EAF;
        Wed, 11 Oct 2017 03:27:54 +0300 (EEST)
    Message-ID: <[email protected]>
    From: "Machoman" <[email protected]>
    To: <[email protected]>

    As you can see, the "To" ([email protected]) and the "Received" for ([email protected]) are different. Is there a way to detect mails with a different "To" and "Received for" and increase their spam points? I cannot find how to write a custom SpamAssassin rule for this purpose, or any other way to filter this mess.

    Thanks for any idea.
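
One way to test a message for the mismatch described in the post above, as an added example that is not part of the original thread: it compares the To/Cc addresses with the `for <...>` clauses of the Received headers. The function name and the sample messages (example.* addresses, documentation IPs) are constructed for illustration; Bcc and mailing-list mail shows the same mismatch, so a hit is a weak signal to score, not a verdict.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# "for <addr>" clause that an MTA such as Postfix writes into Received: headers.
FOR_CLAUSE = re.compile(r"\bfor\s+<([^<>\s]+@[^<>\s]+)>", re.IGNORECASE)

def envelope_vs_header(raw):
    """Return (header_rcpts, envelope_rcpts, mismatch) for one raw message."""
    msg = message_from_string(raw)
    # Addresses the sender chose to display (To and Cc).
    shown = msg.get_all("To", []) + msg.get_all("Cc", [])
    header_rcpts = {addr.lower() for _, addr in getaddresses(shown) if addr}
    # Addresses the relays recorded as the delivery target; unfold each header first.
    envelope_rcpts = set()
    for received in msg.get_all("Received", []):
        unfolded = " ".join(str(received).split())
        envelope_rcpts.update(a.lower() for a in FOR_CLAUSE.findall(unfolded))
    # Flag only when a "for" clause exists and none of its addresses is displayed.
    mismatch = bool(envelope_rcpts) and header_rcpts.isdisjoint(envelope_rcpts)
    return header_rcpts, envelope_rcpts, mismatch

# Constructed sample: delivered for alice@example.net, but addressed To: bob@example.org.
SPAM_LIKE = (
    "Received: from mx2.example.net (mx2.example.net [192.0.2.10])\n"
    "\tby mx1.example.net (Postfix) with ESMTPS id 0000000002\n"
    "\tfor <alice@example.net>; Wed, 11 Oct 2017 04:30:47 +0200 (CEST)\n"
    "Received: from mail.example.com (mail.example.com [198.51.100.7])\n"
    "\tby mx2.example.net (Postfix) with ESMTP id 0000000001\n"
    "\tfor <alice@example.net>; Wed, 11 Oct 2017 04:30:46 +0200 (CEST)\n"
    'From: "Sender" <sender@example.com>\n'
    "To: <bob@example.org>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)
# Constructed control: same relays, To: matches the delivery address.
NORMAL = SPAM_LIKE.replace("To: <bob@example.org>", "To: <alice@example.net>")

if __name__ == "__main__":
    for name, raw in (("spam-like", SPAM_LIKE), ("normal", NORMAL)):
        shown, envelope, mismatch = envelope_vs_header(raw)
        print(name, sorted(shown), sorted(envelope), "MISMATCH" if mismatch else "ok")
```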
     
  2. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

  3. SupuS

    SupuS Member HowtoForge Supporter

    Thank you, it is much better than I hoped :)
     
  4. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter
