> Da: Larry Ludwig [mailto:[EMAIL PROTECTED]
>
> Hi,
>
> I searched the mailing list and didn't find anyone mentioning this.. So I
thought I like to add this new method.
>
> We are now seeing what fastmail.fm is also seeing:
>
> http://blog.fastmail.fm/?p=599
>
> Spammers are now in bulk spamming through the free webmail providers using
their botnets and not just a few emails. My question to the group is how
can test using RBL at this line within spamassassin:
>
> Received: from [68.199.171.61] by web62312.mail.re1.yahoo.com via HTTP;
Sat, 24 Mar 2007 20:15:58 PDT
> Since that is the root of the issue.
I think that a SA plugin which resolves URIs would be enough: I received
some of these spams, everyone containing a URI pointing to the very same web
host (124.0.208.235) also, the DNS server is:
a) defined with two different names, but only one (again
124.0.208.235);
b) the same of the web host in your case (in mines, it was a
different one).
By "black-listing" URI's host IPs, one could easily score high this kind of
e-mails. Maybe there is also some RBL regarding web hosts, by the way. Is
it?
Such a plugin doesn't yet exists, anyway (or, at least, I don't know about
it).
Giampaolo
-------------------------------------
Giampaolo Tomassoni - I.T. Consultant
Piazza VIII Aprile 1948, 4
I-53043 Chiusi (SI) - Italy
Tel/Ph: +39-0578-21100
MAI mandare un messaggio a:
NEVER send an e-mail to:
[EMAIL PROTECTED]
