X-From_: [EMAIL PROTECTED] Thu Jan 31 14:57:13 2002
Mail-Followup-To: Paul Chvostek <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
User-Agent: Mutt/1.2.5i
X-Disclaimer: The opinions expressed in this email do not necessarily represent those of the author.
Date: Thu, 31 Jan 2002 01:55:46 -0500
Reply-To: [EMAIL PROTECTED]
Sender: Spam Prevention Discussion List <[EMAIL PROTECTED]>
From: Paul Chvostek <[EMAIL PROTECTED]>
Subject: Re: BLOCK: Sendmail rule for bogus MAIL FROM: ?
To: [EMAIL PROTECTED]

On Thu, Jan 31, 2002 at 12:16:57AM -0600, Gary S. Callison wrote:
>
> I recall seeing something here where someone had a sendmail rule that
> would block mail with an envelope sender that claimed to be in a freemail
> domain that isn't actually from a mailserver in that domain, i.e: spam
> through Chinese relays claiming to be from <[EMAIL PROTECTED]>
> frexample.
>
> And yet a somewhat exhaustive web search & search of the Spam-L archives
> hasn't let me turn it up yet. Does anybody have one of these handy?

I'm doing this in procmail with http://www.it.ca/software/procmail-spamtrap .
Additional checks include some specific rules like ...

 - Email generated at hotmail.com *always* has a Message-Id whose first
   three characters match the first three characters on the reverse DNS
   of a mail server in a Received line,

 - Free email generated at netscape.com always comes from a server within
   aol.com and has Message-Id and received lines in a predictable format,
   and has a line /^X-Mailer: Atlas/,

 - Free email from yahoo.com also has fairly predictable Message-Id and
   Received line formats. Haven't researched this one too much yet.

I've got a long regexp that messily identifies a slew of other free
mailbox providers, and for any email whose Return-Path includes one of
those, I bounce the message if it doesn't include that domain in a
Received line. It's not conclusive, but it catches lots of junk anyway.

So far I haven't had any complaints from people using SMTP service at
any of these providers; all my customers have email addresses at their
own domains.
:)

--
Paul Chvostek <[EMAIL PROTECTED]>
Operations / Development / Abuse / Whatever vox: +1 416 598-0000
it.canada http://www.it.ca/

---
Mark Reynolds
Managing Director
Reynolds Technology Pty Ltd Phone 1300 656 424
http://www.reynolds.net.au Phone 08 9474 1211
mailto:[EMAIL PROTECTED] Fax 08 9474 9592
PO Box 945 South Perth 6951 WA Pager 08 9480 5884
19 Lyall St South Perth 6151 WA
ABN 73 078 831 740 ACN 078 831 740

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
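
The Return-Path versus Received check described in the message above, sketched in Python as an added example; it is not part of the original post and is not code from procmail-spamtrap. The function names, the three-entry domain set (only the domains the post names) and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Only the domains named in the post; the author's longer list is not shown.
FREEMAIL_DOMAINS = {"hotmail.com", "netscape.com", "yahoo.com"}


def domain_in_received(domain, received_headers):
    """True if domain, or a host under it, appears in any Received header."""
    # Lookarounds stop "nothotmail.com" and "hotmail.com.example.net" matching.
    host = re.compile(
        r"(?<![A-Za-z0-9-])" + re.escape(domain) + r"(?!\.?[A-Za-z0-9-])",
        re.IGNORECASE,
    )
    return any(host.search(h) for h in received_headers)


def classify(raw_message, freemail=FREEMAIL_DOMAINS):
    """'reject' when a freemail Return-Path has no matching Received line.

    A heuristic, as the post says: Received lines below the one written by
    your own MX come from the sending side and can be made up.
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("Return-Path", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in freemail:
        return "pass"  # null sender, missing header, or not a listed domain
    received = msg.get_all("Received", [])
    return "pass" if domain_in_received(domain, received) else "reject"


def sample(sender, relay):
    """Build a constructed message; hostnames and addresses are made up."""
    return (
        f"Return-Path: <{sender}>\n"
        f"Received: from {relay} ({relay} [192.0.2.25])\n"
        "\tby mx.example.org; Thu, 31 Jan 2002 01:00:00 -0500\n"
        "Subject: constructed sample\n\nbody\n"
    )


if __name__ == "__main__":
    for relay in ("relay.example.net", "mail.hotmail.com",
                  "hotmail.com.example.net"):
        print(relay, classify(sample("someone@hotmail.com", relay)))
```
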