> > > Do you have a gernalised version of this which checks for a dot in the
> > > HELO name?
> >
> > condition = ${if match{$sender_helo_name}{\N^[^.].*\.[^.]+$\N}{no}{yes}}
> > basically this says "Must contain a dot but the first and last character may
> > not be a dot". From expereince, this will stop all sobig.f mails.
>
> I need to go this on Exim 3 but I don't knw if it's possible. Reading
> the docs, I don't think so.
>
> Anyone have any suggestions??
Check for a double dash in the date header in a filter or something. I don't
know 3.x anymore.
Ex from one of the mails I saw:
Date: Wed, 20 Aug 2003 5:16:11 --0700
^^
You could also check for:
X-MailScanner: Found to be clean
--
Lab tests show that use of micro$oft causes cancer in lab animals
