[Mimedefang] filter on header from display name

Kris Deugau kdeugau at vianet.ca
Wed Dec 19 10:25:19 EST 2018

Marcus Schopen wrote:
> Am Montag, den 26.11.2018, 13:02 -0500 schrieb Dianne Skoll:
>> On Mon, 26 Nov 2018 17:55:57 +0100
>> Marcus Schopen <lists at localguru.de> wrote:
>>> is always the same, but I can't catch it with blacklist_from. Can I
>>> get
>>> that from $entity->head->get('From') or any better ideas?
>> That should work, or you can open and read the file ./HEADERS, which
>> contains the message headers (unwrapped, so exactly one header per
>> line.)
> I use a spamassassin rule now
> header MY_HEADER_1	From =~  /^.*\@spammer\.com.*/
> describe MY_HEADER_1	Header-Spam-Rule 1
> score MY_HEADER_1	100

This will more or less work, but keep in mind that "spammer.com" might 
better be shown in examples as "spoofvictim.com".  The whole point of 
this from the spammer's perspective is that mail clients will only 
display the "known"/"trusted" address, hiding the *other* victim (the 
compromised account).  Most of the time *both* addresses in the From: on 
these messages, however arranged, are innocent and unrelated to the 
spammer.  If you block either, you take the risk of blocking legitimate 

I have a pair of subrules looking for two @ signs in the From: - one 
just looks for two @ signs, the other looks for a specific variant with 
two <>-wrapped normal email addresses.  These get combined with a couple 
of other factors in meta rules to build up the score.


More information about the MIMEDefang mailing list