Here are some useful rules; please replace EFA.gruppocomet.it with your server name before inserting them into your local.cf file:
(An example header is shown in green and the rule in bold black.)
1) Catch servers that don't have an A record for the reverse-resolution name of the IP and give a penalty
Received: from server.dominio.it (unknown [15.89.18.12])
by EFA.gruppocomet.it (Postfix) with ESMTP id BA1EEA005E
for <miamail@gruppocomet.it>; Mon, 21 Dec 2015 17:42:54 +0100 (CET)
From: Mail <mail@dominio.it>
header H_UNKNOWN ALL =~ /unknown .+EFA.gruppocomet.it.+/s
describe H_UNKNOWN your description
score H_UNKNOWN 0.20
2) Catch servers whose declared host name has the same domain as the reverse-resolution name and give a bonus
Received: from server.dominio.it (reverse.dominio.it [15.89.18.12])
by EFA.gruppocomet.it (Postfix) with ESMTP id BA1EEA005E
for <miamail@gruppocomet.it>; Mon, 21 Dec 2015 17:42:54 +0100 (CET)
From: Mail <mail@dominio.it>
header H_SAME_DOMAIN ALL =~ /from [a-zA-Z0-9\-]+\.([a-zA-Z0-9\-\.]+[[:blank:]])\([a-zA-Z0-9\-]+\.\1.+EFA.gruppocomet.it /s
describe H_SAME_DOMAIN your description
score H_SAME_DOMAIN -0.30
3) Catch servers whose declared host name is the same as the reverse-resolution name and give a bonus
Received: from server.dominio.it (server.dominio.it [15.89.18.12])
by EFA.gruppocomet.it (Postfix) with ESMTP id BA1EEA005E
for <miamail@gruppocomet.it>; Mon, 21 Dec 2015 17:42:54 +0100 (CET)
From: Mail <mail@dominio.it>
header H_SAME_HOST ALL =~ /from ([a-zA-Z0-9\-\.]+[[:blank:]])\(\1.+EFA.gruppocomet.it /s
describe H_SAME_HOST your description
score H_SAME_HOST -0.10
4) Catch if the domain of the email address equals the domain of the declared host name and give a bonus
Received: from server.dominio.it (server.dominio.it [15.89.18.12])
by EFA.gruppocomet.it (Postfix) with ESMTP id BA1EEA005E
for <miamail@gruppocomet.it>; Mon, 21 Dec 2015 17:42:54 +0100 (CET)
From: Mail <mail@dominio.it>
header H_HOSTDOM_EQ_MAILDOM ALL =~ /Received: from [a-zA-Z0-9\-]+\.([a-zA-Z0-9\-\.]{6,}) .+From:.+@\1>.+To:/s
describe H_HOSTDOM_EQ_MAILDOM my description
score H_HOSTDOM_EQ_MAILDOM -0.15
5) Catch if the domain of the email address equals the domain of the declared host name and give a bonus
Received: from server.dominio.it (server.dominio.it [15.89.18.12])
by EFA.gruppocomet.it (Postfix) with ESMTP id BA1EEA005E
for <miamail@gruppocomet.it>; Mon, 21 Dec 2015 17:42:54 +0100 (CET)
From: Mail <mail@dominio.it>
header H_PTRDOM_EQ_MAILDOM ALL =~ /Received: from.+\([a-zA-Z0-9\-]+\.([a-zA-Z0-9\-\.]{6,})[[:blank:]]\[.+From:.+@\1>.+To:/s
describe H_PTRDOM_EQ_MAILDOM your description
score H_PTRDOM_EQ_MAILDOM -0.45
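Added example (not part of the original post): a small Python harness that runs the five regexes above against constructed header blocks, to show which rules fire together and what their scores sum to before they go into local.cf. It assumes the header string approximates what SpamAssassin exposes as ALL, adds a To: line because rules 4 and 5 require one after From:, and rewrites [[:blank:]] as [ \t] because Python's re has no POSIX classes; evaluate, compile_rules and sample are names made up here.

```python
import re

# The five rules from the post: (name, score, regex body). HOST marks where the
# post has EFA.gruppocomet.it; [[:blank:]] is translated to [ \t] at compile time.
RULES = [
    ("H_UNKNOWN", 0.20, r"unknown .+HOST.+"),
    ("H_SAME_DOMAIN", -0.30,
     r"from [a-zA-Z0-9\-]+\.([a-zA-Z0-9\-\.]+[[:blank:]])\([a-zA-Z0-9\-]+\.\1.+HOST "),
    ("H_SAME_HOST", -0.10, r"from ([a-zA-Z0-9\-\.]+[[:blank:]])\(\1.+HOST "),
    ("H_HOSTDOM_EQ_MAILDOM", -0.15,
     r"Received: from [a-zA-Z0-9\-]+\.([a-zA-Z0-9\-\.]{6,}) .+From:.+@\1>.+To:"),
    ("H_PTRDOM_EQ_MAILDOM", -0.45,
     r"Received: from.+\([a-zA-Z0-9\-]+\.([a-zA-Z0-9\-\.]{6,})[[:blank:]]\[.+From:.+@\1>.+To:"),
]

def compile_rules(host):
    """Substitute the receiving server name (dots escaped); DOTALL mirrors /s."""
    return [(name, score, re.compile(
                body.replace("HOST", re.escape(host)).replace("[[:blank:]]", r"[ \t]"),
                re.DOTALL))
            for name, score, body in RULES]

def evaluate(headers, host="EFA.gruppocomet.it"):
    """Return (names of the rules that fire, summed score) for one header block."""
    # Approximation of the ALL pseudo-header: folded lines joined with one space.
    text = re.sub(r"\r?\n[ \t]+", " ", headers)
    hits = [(n, s) for n, s, rx in compile_rules(host) if rx.search(text)]
    return [n for n, _ in hits], round(sum(s for _, s in hits), 2)

def sample(ptr, sender="mail@dominio.it"):
    """Constructed header block modelled on the post's examples, plus a To: line."""
    return ("Received: from server.dominio.it (%s [15.89.18.12])\n"
            "\tby EFA.gruppocomet.it (Postfix) with ESMTP id BA1EEA005E\n"
            "\tfor <miamail@gruppocomet.it>; Mon, 21 Dec 2015 17:42:54 +0100 (CET)\n"
            "From: Mail <%s>\n"
            "To: <miamail@gruppocomet.it>\n" % (ptr, sender))

if __name__ == "__main__":
    # One line per reverse-resolution result: fired rules and their total.
    for ptr in ("unknown", "reverse.dominio.it", "server.dominio.it"):
        print(ptr, *evaluate(sample(ptr)))
```

With the third sample all four bonus rules fire on the same message, so the scores stack rather than apply one at a time.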
Some useful rules
- shawniverson
Re: Some useful rules


Maybe we could gather these up and create an expanded ruleset for EFA.
