FYI, Made a small rule for this and it gets hit every day sofar without any FP's. So if anyone is interested: header PORT_HELO Received =~ /from \[[0-9\.]*\] \(port\=[0-9][0-9][0-9][0-9] helo\=\[[a-zA-Z]*\]\)/ describe PORT_HELO Header contains special port and helo score PORT_HELO 10.00
Menno > I get a lot of med-spams lately that look the same, short, 2 lines with > one url, below that some text (from a book?). > Often it gets marked as spam because of the url, but not always because > bayes has no real grip on this mail. > Maybe there is a way to recognise them in the second receive-line because > of the special helo and port text. > I want to block it with this at the MTA level because I couldn't find HAM > with this text (port-number and special helo syntax). > But I'm not so sure yet so my question is do you know of any HAM that uses > receive lines like this? > > Thanks > Menno van Bennekom > > Received: from [66.98.106.84] (port=4465 helo=[Batista]) > Received: from [180.111.168.219] (port=4464 helo=[discharge]) > Received: from [221.54.120.107] (port=4548 helo=[benchmark]) > Received: from [240.232.66.156] (port=4015 helo=[infrared]) > Received: from [123.120.113.68] (port=4426 helo=[chronograph]) > Received: from [130.98.112.26] (port=4102 helo=[lash]) > Received: from [50.188.174.87] (port=4590 helo=[simplifications]) > Received: from [188.109.189.81] (port=4054 helo=[barbiturates]) > Received: from [62.170.216.71] (port=4317 helo=[dispatching]) > Received: from [62.103.177.85] (port=4163 helo=[mangler]) > Received: from [47.187.43.74] (port=4578 helo=[Basie]) > Received: from [47.119.220.88] (port=4434 helo=[slats]) > Received: from [224.62.78.91] (port=3290 helo=[inorganic]) > Received: from [231.153.167.126] (port=3319 helo=[custodians]) > Received: from [48.224.115.129] (port=4000 helo=[rephrasing]) > Received: from [116.68.119.88] (port=4486 helo=[restate]) > Received: from [116.217.80.102] (port=4232 helo=[mechanizations]) > Received: from [93.80.205.52] (port=4084 helo=[emulation]) > Received: from [141.51.44.132] (port=4292 helo=[unsanitary]) > Received: from [169.90.217.201] (port=4098 helo=[Apatosaurus]) > Received: from [162.120.144.32] (port=4240 helo=[transceive]) > Received: from [74.93.157.193] (port=2259 helo=[incompatible]) > Received: from [153.24.175.209] (port=4170 helo=[Hercules]) > Received: from [140.218.69.178] (port=4354 helo=[contrition]) > Received: from [146.198.92.136] (port=4568 helo=[culprit]) > Received: from [209.30.112.183] (port=4266 helo=[Argo]) > Received: from [144.199.150.185] (port=4024 helo=[enticer]) > Received: from [63.210.57.193] (port=4253 helo=[cerebellum]) > > >
