On Thu, 18 Jan 2007, Martin wrote:
> Hello.
>
> I'm using spamd but am noticing that some SPAM is still coming though
>
> It's probably more dev but I don't like posting to the dev/tech lists. If
> the
> ideas/info have merit, then perhaps it can be forwarded to that list.
>
> Can (or does) spamd look at the From:, do a MX/A record dns lookup and
> compare. it to the sender IP to see if it's valid during the SMTP
> transaction ?
Your idea is flawed, there's nothing requiring incoming mail to come
from an IP accepting mail for that domain.
-Otto
>
> (I note if you put in a spamtrap email address it will do a straight IP block)
>
> e.g.
>
> Return-Path: <[EMAIL PROTECTED]>
> Delivered-To: [EMAIL PROTECTED]
> Received: (qmail 11000 invoked from network); 17 Jan 2007 17:19:49 -0000
> Received: from host194.skytechinc.com (HELO mail.skytechinc.com)
> (63.111.223.194)
> by felix.chaossolutions.org with ESMTP; 17 Jan 2007 17:19:49 -0000
> Received: from User ([86.127.117.209]) by mail.skytechinc.com with Microsoft
> SMTPSVC(6.0.3790.1830);
> Tue, 16 Jan 2007 17:51:43 -0500
> Reply-To: <[EMAIL PROTECTED]>
> From: "Town North Bank"<[EMAIL PROTECTED]>
> Subject: Notification from North Town BANK !
> Date: Wed, 17 Jan 2007 00:51:46 +0200
>
>
> dig mx tnnb.com
>
> <SNIP>
>
> ;; ADDITIONAL SECTION:
> mx1.tnnb.com. 3600 IN A 208.217.213.106
>
> So obviously the IP 63.111.223.194 does not belong to a tnnb.com mail server
> and can be blacklisted/tarpitted.
>
> Of course, you may want certain IP ranges whitelisted if they are important
> to
> you.
>
> You might want to allow/whitelist a specific, or a number of email addresses
> from an IP but greylist/blacklist the rest depending on your requirements.
>
> Can some of the above be discussed/implemented in spamd?
>
> Sorry, I don't program, just do some light scripting, but if I can see
> obvious
> SPAM's from the headers and a dns MX/A lookup, I would hope that spamd could
> be extended with options to catch and tarpit these people/servers/viruses
> etc.
>
> Regards...Martin
