Hi,
Would any of you have a rule to catch fake IPs in received: header lines?
Something to catch received lines like the followings:
Received: from mail.ihsjm.net (host.hdbix.net [865.874.994.859]) by
pcok.msfffark_er.nu (8.7.3/6.7.3) with SMTP id CFF89341
for <[EMAIL PROTECTED]>; Fri, 31 May 2002 3:06:02 PM -
6000 (EST)
Received: (from [EMAIL PROTECTED]) by host.hdbix.net
(8.6.9/8.6.9)
id AKK56394 for <[EMAIL PROTECTED]>; SMTP id MDD81541
for <[EMAIL PROTECTED]>; Thu, 30 May 2002 3:06:02 PM -
6000 (EST)
Received: from host.jdksolsls.com (money$u22.jdhswihgn.com
[630.356.757.969]) by
$4me.$foryou&2.com (8.6.12/8.6.12) with ESMTP id WHH36432 for ;
[EMAIL PROTECTED]; Wed, 29 May 2002 3:06:02 PM -
6000 (EST)
Received: from my.onmeym.net.com ([EMAIL PROTECTED]
[784.636.921.786])
by mailerser.ksnssshd.com (8.6.12/8.6.12) with ESMTP id PCC38491
for
<[EMAIL PROTECTED]>; Tue, 28 May 2002 3:06:02
PM - 6000 (EST)
Now, I could use part of any of those lines excluding the dates and it
would catch somes as I was able to find similar headers in other spam
messages through a search on one of the fake IPs with google. But I'd
prefer a rule that would also catch variations to those headers...
Oh, I don't know if this is the culprit, but the mail ad an X-Mailer of:
X-Mailer: Dynamic Mail Pro V3.086
Thanks,
--
Patrice Fournier
[EMAIL PROTECTED]
_______________________________________________________________
Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
