On 9/20/2011 1:39 PM, Ned Slider wrote:
> On 20/09/11 14:50, Stan Hoeppner wrote:
>> On 9/19/2011 6:31 PM, Noel Jones wrote:
>>> I don't know of any up-to-date header/body checks repository. AFAIK
>>> the ones found on the internet are outdated enough to be ineffective
>>> and just waste time.
>>
>> These might be useful. Pick your own preferred action. Season to your
>> taste. The first 3 are safe for any site as they target a specific
>> spamware engine.
>>
>> /HELO User/ DISCARD
>> /helo=User/ DISCARD
>> /Received: from User / DISCARD
>
> Occasionally Postfix breaks the line right after "User", so this variant
> catches those instances:
>
> /^Received: from User$/i REJECT

Thanks for the tip, Ned.
If anyone noticed, I use DISCARD more frequently in header checks than
REJECT. A lot of this type of spam I receive via the lkml server(s).
The LKML list manager doesn't like seeing REJECTs, period. Not bounces
but REJECTs. He booted me from all lkml lists for rejecting the spam
instead of swallowing it. Thus I use DISCARD these days instead.
--
Stan