You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by do...@apache.org on 2007/09/27 22:36:52 UTC

svn commit: r580143 - /spamassassin/rules/trunk/sandbox/dos/70_other.cf

Author: dos
Date: Thu Sep 27 13:36:51 2007
New Revision: 580143

URL: http://svn.apache.org/viewvc?rev=580143&view=rev
Log:
sandbox: add DOS_FORGED_RCVD_QUADS to catch forged received headers, pretty Sendmail specific right now

Modified:
    spamassassin/rules/trunk/sandbox/dos/70_other.cf

Modified: spamassassin/rules/trunk/sandbox/dos/70_other.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/dos/70_other.cf?rev=580143&r1=580142&r2=580143&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/dos/70_other.cf (original)
+++ spamassassin/rules/trunk/sandbox/dos/70_other.cf Thu Sep 27 13:36:51 2007
@@ -229,3 +229,7 @@
 describe DOS_ANAL_SPAM_MAILER	X-mailer pattern common to anal porn site spam
 tflags DOS_ANAL_SPAM_MAILER	publish
 
+# 20070927 - sendmail specific check to detect forged received headers
+header DOS_FORGED_RCVD_QUADS    ALL-EXTERNAL =~ /(?:^|\n)Received:\s+from \[(\d{2,3}\.\d{1,3}.\d{1,3}\.\d{1,3})\] .+\nReceived:\s+from \[\1\] by \S+; /
+describe DOS_FORGED_RCVD_QUADS  Probable forged received header
+