Jens Teubner writes:
> Hi,
>
> although I'm definitely not a SpamAssassin expert, I observed a pattern
> that was present in roughly half the spam mails I got during the last
> weeks.
>
> --- snip ---
> Received: from 134.34.240.60 (unknown [202.99.169.213])
>       by guanin.uni-konstanz.de (Postfix) with SMTP
>       id 00DC026A9EE; Mon, 25 Aug 2003 18:48:39 +0200 (MEST)
> Received: from sq2.kn923p2.org [245.227.70.53] by 134.34.240.60 id
> --- snap ---
>
> Our incoming mail server is guanin.uni-konstanz.de, with IP
> 134.34.240.60. Obviously the spammer sent this IP with the HELO command.

SpamAssassin 2.60 includes a test -- FORGED_RCVD_NET_HELO -- which catches this.

--j.

_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
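The pattern described in the quoted message (a client whose HELO argument is the receiving server's own IP address) can be checked against the Received header that the receiving Postfix wrote. This is an added example, not part of either message and not SpamAssassin's implementation of FORGED_RCVD_NET_HELO; the names `check_helo` and `OWN_IPS`, the result labels, and the second sample header are assumptions made for illustration.

```python
import ipaddress
import re

# Postfix-style trace line: "from <HELO> (<rDNS> [<peer IP>]) by <host> ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<peer>[0-9A-Fa-f:.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def _as_ip(text):
    """Return an ip_address for a bare or [bracketed] literal, else None."""
    try:
        return ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None

def check_helo(received, own_ips):
    """Classify the HELO recorded in one Received header written by our MTA."""
    # Unfold continuation lines before matching.
    m = RECEIVED_RE.search(" ".join(received.split()))
    if m is None:
        return "unparsed"
    helo_ip = _as_ip(m.group("helo"))
    peer_ip = _as_ip(m.group("peer"))
    if helo_ip is None or peer_ip is None:
        return "helo-is-hostname"      # nothing to compare as an address
    own = {ipaddress.ip_address(ip) for ip in own_ips}
    if peer_ip in own or peer_ip.is_loopback:
        return "local-submission"      # our own host may announce its own IP
    if helo_ip in own:
        return "helo-is-our-own-ip"    # the case from the quoted message
    if helo_ip != peer_ip:
        return "helo-ip-mismatch"      # IP literal that is not the peer's
    return "ok"

# First Received header from the quoted message.
SPAM_HEADER = """Received: from 134.34.240.60 (unknown [202.99.169.213])
    by guanin.uni-konstanz.de (Postfix) with SMTP
    id 00DC026A9EE; Mon, 25 Aug 2003 18:48:39 +0200 (MEST)"""
# Constructed sample of an unremarkable delivery (not from the thread).
CLEAN_HEADER = ("Received: from mail.example.org (mail.example.org [192.0.2.25])\n"
                "    by guanin.uni-konstanz.de (Postfix) with ESMTP id ABCDEF")
OWN_IPS = ["134.34.240.60"]  # address of guanin.uni-konstanz.de per the message

if __name__ == "__main__":
    for hdr in (SPAM_HEADER, CLEAN_HEADER):
        print(check_helo(hdr, OWN_IPS))
```

Only the topmost Received header, the one added by your own server, records what the client really sent; lower headers such as the second one in the quoted sample are supplied by the sender and cannot be trusted.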