[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vps-mail] How to block Spam with fake MessageID?

On Mon, Sep 08, 2003 at 02:45:24PM +0200, Martin Fischer wrote:
> okay maybe I was not clear enough, how to make sure that SA is not accepting non-local mails with 
> local message-id (i.e. atvirt14.atvirtual.net)?

Hmm... I think I can accept that. Your second example (GTE) threw me
off.

The only problem is, of course, that this won't catch forgeries (and
you see that a lot), but here is the heuristic:

    Emails with message-id from my server should also have a domain
    name in sendmail's w class (typically ~/etc/local-host-names is
    complete).

With that, we could write something like this:

    :0:
    * ^From:.*@\/[^>]+
    * ! $ ? egrep -iqf "${MATCH}$" /etc/mail/local-host-names
    faked-message-id

This hasn't been tested, btw, but should give you a starting point.

Scott
-- 
Scott Wiersdorf
scott@xxxxxxxxxxxx
======================================================================
Technical questions regarding this list may be sent to
<vps-mail-owner@xxxxxxxxxxxx>. You may request an automated help
response by sending an email with the word 'help' (w/o quotes) in the
BODY of the message (subject is ignored) to <vps-mail-request@xxxxxxxxxxxx>.
======================================================================
Main Index | Thread Index
Match: Format: Sort by:
Search: