Giampaolo Tomassoni wrote:
-----Messaggio originale-----
Da: Chris St. Pierre [mailto:[EMAIL PROTECTED]
On Mon, 26 Mar 2007, Giampaolo Tomassoni wrote:
By "black-listing" URI's host IPs, one could easily score high this
kind of
e-mails. Maybe there is also some RBL regarding web hosts, by the
way. Is
it?
You mean URIBL? Not only does it exist, it's included with SA. If
the URIBL_* family of rules aren't among your top 5 most effective,
something is seriously wrong with your SA installation.
No, not URIBL: that would detect the URI (which always changes). I mean some
RBL thing which enlists suspicious web host IP address, since the IP address
of this spammer is always the same.
SA has already, in the past, been set up to do RBL checks against every
Received line. (I think more recent SA versions only check a particular
Received line, though) That's probably what needs to be done here:
check every received line against a particular RBL.
