Joseph Brennan wrote:
> Jeff Koch wrote:
> > One of the problems is that the actual spam email is sometimes not
> > attached. But interestly enough we are usually sent the email header of
> > the original email. From that we (the humans) can easily spot that the IP
> > address of the mailserver claiming to be ours is, in fact, not. So, if
> > that line in the returned email header can be parsed perhaps a program
> > can validate the IP address.

>
> Check the precise format, but if you have something like this in the
> original header, with your host's name...
> (hostname.example.com [11.22.33.44])
> ...and that's not the right IP, that would be a good test.
>
> It sounds like you could get that with a 'body' rule.


A 'body' rule does not see a header section of an attached mail,
a 'full' rule is needed, as pointed out elsewhere
(but the 'full' rule sees a main header section too).

See:
https://issues.apache.org/SpamAssass...ug.cgi?id=5872

Mark