On Tue, Nov 25, 2003 at 01:22:51PM -0500, Tony Bunce is rumored to have said:
>
> I have been seeing lots of spam like this getting through recently
>
> Anyone have any ideas how to reduce this type of spam from getting
> through?

I noticed that this guy's using our domain name as the argument to the HELO command during the SMTP transaction. So if the address he's spamming is [EMAIL PROTECTED], his ratware used "HELO example.com". None of our servers use just our domain name (they all use their fully qualified hostnames), so I added a custom rule which looked for "helo=example.com" in the Received: header and scored it at 200 points to overcome his using a whitelisted From: address (we've whitelisted [EMAIL PROTECTED]). Works like a charm.

--
"Life is pleasant. Death is peaceful. It's the transition that's troublesome." - Isaac Asimov

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
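
The check described in the message above, sketched in Python as an added example (it is not the poster's SpamAssassin rule and not part of the original thread). It goes beyond the post in two ways: it compares the recorded HELO name exactly, and it reads only the topmost Received: header, on the assumption that this header is written by the recipient's own MX. The function names, sample messages and addresses are constructed for illustration.

```python
import re
from email import message_from_string

OWN_DOMAIN = "example.com"  # bare domain the ratware sends as HELO (from the post)
SCORE = 200.0               # points assigned in the post

# "helo=name" is the form quoted in the post; "from name (...)" is the form
# some other MTAs write (assumption: the MX records HELO in one of these).
HELO_PATTERNS = (
    re.compile(r"\bhelo=([^\s)]+)", re.I),
    re.compile(r"^from\s+(\S+)", re.I),
)

def helo_name(received):
    """Return the HELO name recorded in one Received: value, or None."""
    text = " ".join(received.split())  # unfold continuation lines
    for pattern in HELO_PATTERNS:
        match = pattern.search(text)
        if match:
            return match.group(1).strip("[]").rstrip(".").lower()
    return None

def helo_forgery_score(raw_message, own_domain=OWN_DOMAIN):
    """Score a message whose sender said HELO with our bare domain."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return 0.0
    # Assumption: the topmost Received: was written by our own MX. Headers
    # below it were supplied by the sender and are ignored.
    name = helo_name(received[0])
    # Exact comparison: mail1.example.com and example.community.test must not match.
    return SCORE if name == own_domain.lower() else 0.0

def build(received):
    """Build a constructed sample message around one Received: value."""
    return f"Received: {received}\nFrom: user@example.com\nSubject: sample\n\nbody\n"

# Constructed samples (192.0.2.0/24 is a documentation range).
SAMPLES = {
    "spam": build("from [192.0.2.7] (helo=example.com)\n\tby mx1.example.com with smtp"),
    "own_host": build("from [192.0.2.10] (helo=mail1.example.com)\n\tby mx1.example.com with esmtp"),
    "lookalike": build("from [192.0.2.9] (helo=example.community.test)\n\tby mx1.example.com with smtp"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, helo_forgery_score(raw))
```

Only the "spam" sample scores 200; the server's own fully qualified hostname and the lookalike name both score 0.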