Posted to users@spamassassin.apache.org by David Jones <dj...@ena.com> on 2019/04/18 04:07:36 UTC

Office 365 Org tag

I would like to use the AskDNS plugin to query a private DBL that I can populate/manage.  The idea is to subtract a few points for inbound O365 domains that have been seen before in an effort to help block compromised O365 accounts from domains that have never been seen before.

Ideally a new tag would be created when the last external relay is an outbound.protection.microsoft.com host and the X-Originating-Org header value (which should match the EnvelopeFrom domain) is used to make a new tag like _O365ORG_ for a simple rule like this:

ifplugin Mail::SpamAssassin::Plugin::AskDNS
askdns    O365_ORG_SEEN_BEFORE _O365ORG_.o365seen.example.com A /^127\.\d+\.\d+\.2$/
score    O365_ORG_SEEN_BEFORE    -2.0
endif

BTW, how can I find a list of all existing tags available for use?  I tried a number of greps and Google searches with no luck.

Thanks,
Dave

Re: Office 365 Org tag

Posted by RW <rw...@googlemail.com>.
On Thu, 18 Apr 2019 04:07:36 +0000
David Jones wrote:

> I would like to use the AskDNS plugin to query a private DBL that I
> can populate/manage.  The idea is to subtract a few points for
> inbound O365 domains that have been seen before in an effort to help
> block compromised O365 accounts from domains that have never been
> seen before.
> 
> Ideally a new tag would be created when the last external relay is an
> outbound.protection.microsoft.com host and the X-Originating-Org
> header value (which should match the EnvelopeFrom domain) is used to
> make a new tag like _O365ORG_ 

IIWY I'd just look up sender or author and do the rest in a meta-rule.
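
The approach suggested in the reply above, written out as an added example (not configuration posted by either participant): the envelope-sender domain is looked up with the built-in _SENDERDOMAIN_ tag, and the relay condition is combined with it in a meta rule. The sub-rule names are made up for illustration; the zone, the answer pattern and the relay host suffix are the ones written in the original post, and the relay test assumes the MTA records rDNS for the last external relay.

```conf
ifplugin Mail::SpamAssassin::Plugin::AskDNS

# Sub-rule (no score of its own): the envelope-sender domain is listed in
# the private zone. Zone name and answer pattern are the placeholders from
# the original post. _AUTHORDOMAIN_ (From: header domain) can be used in
# place of _SENDERDOMAIN_ to key on the author instead of the sender.
askdns   __O365_SENDER_SEEN  _SENDERDOMAIN_.o365seen.example.com A /^127\.\d+\.\d+\.2$/

# Sub-rule: the first entry of X-Spam-Relays-External is the last external
# relay. Match its rDNS against the host suffix as written in the post;
# adjust it to what the Received headers on your system actually show.
header   __O365_LAST_EXT     X-Spam-Relays-External =~ /^\[ ip=\S+ rdns=\S+\.outbound\.protection\.microsoft\.com /i

# The credit applies only when both conditions hold, so a listed domain
# relayed through any other host gets no benefit from the listing.
meta     O365_ORG_SEEN_BEFORE  __O365_LAST_EXT && __O365_SENDER_SEEN
describe O365_ORG_SEEN_BEFORE  Sender domain seen before, relayed via O365
tflags   O365_ORG_SEEN_BEFORE  nice net
score    O365_ORG_SEEN_BEFORE  -2.0

endif
```

Running spamassassin --lint after adding the rules checks the syntax; the envelope-sender domain can be forged, so the negative score is only as trustworthy as the relay test it is combined with.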