on Thu, Mar 29, 2001 at 04:42:12PM -0500, Noah L. Meyerhans ([EMAIL PROTECTED]) wrote:
> I've been using exim as my MTA since it became the default Debian MTA.
> I have the following line in /etc/exim.conf:
> rbl_domains = rbl.maps.vix.com/reject : outputs.orbs.org/warn : \
> spamsource-netblocks.orbs.org/reject : blackholes.mail-abuse.org/reject\
> :relays.mail-abuse.org/warn : inputs.orbs.org/warn : manual.orbs.org : \
> spamsources.orbs.org/reject
>
> (really that's all on one line, I've just broken it up for mail)
>
> However, this fails to catch a lot of spam, because apparently it only
> checks the first hop taken by the mail message. Most spammers these days
> aren't using such a simple scheme. Consider the following spam headers:
>
> Received: from mail.foo.com (mail.foo.com) [::ffff:123.45.67.89]
>     by spider.morgul.net with esmtp (Exim 3.12 #1 (Debian))
>     id 14ij8d-0005l0-00; Thu, 29 Mar 2001 15:35:23 -0500
> Received: from foobar.baz.com (foobar.baz.com [98.76.54.32])
>     by mail.foo.com (Postfix) with SMTP
>     id AE69838530; Thu, 29 Mar 2001 11:09:41 -0900 (AKST)

My understanding is that the spam block only works if the direct
connection is coming from an RBL/ORBS listed IP. In which case, exim
drops or refuses the connection.

> OK, the names and IP addresses of the other networks/hosts have been
> changed. mail.foo.com is the hop right before reaching my mail server
> (spider.morgul.net). The thing is, mail.foo.com is the open relay, but
> exim is only checking foobar.baz.com, which is not an open relay.
>
> How can I handle such cases? procmail?

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand?    There is no K5 cabal
http://gestalt-system.sourceforge.net/    http://www.kuro5hin.org
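
An added example, not part of the original thread: one way a delivery-time filter (for instance a script called from procmail) could check every hop in the Received chain against a DNSBL instead of only the connecting host. The zone `dnsbl.example`, the function names and the `is_listed` callback are assumptions made for illustration; the sample message is constructed from the headers quoted above.

```python
import email
import ipaddress
import re

# Constructed sample: the two Received headers quoted in the post.
SAMPLE = (
    "Received: from mail.foo.com (mail.foo.com) [::ffff:123.45.67.89]\n"
    "\tby spider.morgul.net with esmtp (Exim 3.12 #1 (Debian))\n"
    "\tid 14ij8d-0005l0-00; Thu, 29 Mar 2001 15:35:23 -0500\n"
    "Received: from foobar.baz.com (foobar.baz.com [98.76.54.32])\n"
    "\tby mail.foo.com (Postfix) with SMTP\n"
    "\tid AE69838530; Thu, 29 Mar 2001 11:09:41 -0900 (AKST)\n"
    "Subject: constructed sample\n\nbody\n"
)
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def hop_ips(raw_message):
    """Return the peer IPv4 address of each Received hop, newest first."""
    hops = []
    for header in email.message_from_string(raw_message).get_all("Received", []):
        # Only the "from ..." clause names the peer; ignore text after "by".
        from_clause = re.split(r"\sby\s", header, maxsplit=1)[0]
        match = BRACKETED.search(from_clause)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed literal, skip this hop
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # ::ffff:a.b.c.d -> a.b.c.d
        if ip.version == 4:
            hops.append(str(ip))
    return hops

def dnsbl_name(ipv4, zone):
    """DNSBL query name: reversed octets followed by the list's zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

def listed_hops(raw_message, zones, is_listed):
    """Return (hop_index, ip, zone) for every listed hop.

    is_listed(name) performs the DNS A lookup; it is injected so the example
    runs offline. Hop 0 was recorded by the receiving MTA itself. Later
    entries are text supplied by upstream hosts and can be forged, so treat
    hits on them as a scoring signal rather than grounds for rejection.
    """
    return [(i, ip, zone)
            for i, ip in enumerate(hop_ips(raw_message))
            for zone in zones
            if is_listed(dnsbl_name(ip, zone))]
```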