Hi,
this rule is very easy but SA doesn't use it. I don't
know why.
This is the rule:
header HDR_RCVDUNKNOWN Received =~
/from\s\unknown\s\(HELO\s(\w+|\d+|\w+\d+)\)/
describe HDR_RCVDUNKNOWN Received from unknown host
with HELO
score HDR_RCVDUNKNOWN 1.9
I would like to catch such headers:
Received: from unknown (HELO localhost) (127.0.0.1)
by localhost.sc.com with SMTP; Sat, 31 Jan 2004
09:20:24 -0800
I've verified the regex and it seems to be correct, but
SA doesn't score emails with this header.
I've included the w+, d+ ... because I get some mails
with (HELO xuazau) or (HELO 152hs7d8) ....
What's wrong with the rule?
Thanks
Seba