> -----Messaggio originale----- > Da: John Rudd [mailto:[EMAIL PROTECTED] > Oggetto: Re: R: R: New method of spamming > > Giampaolo Tomassoni wrote: > >> -----Messaggio originale----- > >> Da: Chris St. Pierre [mailto:[EMAIL PROTECTED] > >> > >> On Mon, 26 Mar 2007, Giampaolo Tomassoni wrote: > >> > >>> By "black-listing" URI's host IPs, one could easily score high this > >> kind of > >>> e-mails. Maybe there is also some RBL regarding web hosts, by the > >> way. Is > >>> it? > >> You mean URIBL? Not only does it exist, it's included with SA. If > >> the URIBL_* family of rules aren't among your top 5 most effective, > >> something is seriously wrong with your SA installation. > > > > No, not URIBL: that would detect the URI (which always changes). I > mean some > > RBL thing which enlists suspicious web host IP address, since the IP > address > > of this spammer is always the same. > > SA has already, in the past, been set up to do RBL checks against every > Received line. (I think more recent SA versions only check a particular > Received line, though) That's probably what needs to be done here: > check every received line against a particular RBL.
Mmmmh, not all the mail providers do report the submitting host through a 'Received:' line... I don't think your suggestion would definitely help, John. Giampaolo
