Code: Select all
# Domains:
# abnamro.nl
# nl.abnamro.com
describe PHISH_FROM_ABNAMRO Trigger on phishing mails
header PHISH_FROM_ABNAMRO From:addr =~ /\@(abnamro\.nl|nl\.abnamro\.com)$/i
score PHISH_FROM_ABNAMRO 2.0
describe UNPHISH_FROM_ABNAMRO Untrigger on valid mails
header __UNPHISH_FROM_ABNAMRO_A Return-Path:addr =~ /\@(abnamro\.nl|nl\.abnamro\.com)$/i
meta UNPHISH_FROM_ABNAMRO ( __UNPHISH_FROM_ABNAMRO_A && SPF_PASS )
score UNPHISH_FROM_ABNAMRO -2.0
The second rule should trigger on SPF_PASS and the Return-Path header contains header of @abnambro.nl and @nl.abnamro.com and lower the score
Funny thing is, in my spamd.exe logfile i have absolutely no hits on SPF_PASS, the only thing that comes near is SPF_HELO_PASS
Anyone can tell me why SPF_PASS is not triggered?