I've been thinking about flagging certain patterns in a remote host's reverse DNS as spammy. I started to write a rule, but realized I could be doing more harm than good.

Running qmail, I have a Received field in the header:

    Received: from 10-115-0-9.example.net (HELO host.example.net) (10.115.0.9) by qmail-02.example.net with SMTP; 31 May 2007 02:02:27 -0000

So I started:

    header JK_SPAMMY_RDNS Received =~ /\d{1,3}[-\.]\d{1,3}[-\.]\d{1,3}[-\.]\d{1,3}/

But I realized that I need to match on only the most recent Received field so that I don't penalize a legitimate end user who relayed through his ISP.

Another option may be to check the "TCPREMOTEHOST" environment variable.

Can someone point me in the right direction on how to do either (or another way to do it altogether)?

--
Jeremy Kister
http://jeremy.kister.net./
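
An added example, not part of the original post and not SpamAssassin's or qmail's own code: the same pattern applied only to the rDNS name in the newest `Received: from ...` header, so an end user's hop behind an ISP relay is never scored. It assumes that header was written by the local qmail-smtpd; `newest_hop`, `spammy_rdns` and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Format of the header quoted in the post:
#   from <rdns> (HELO <helo>) (<ip>) by <host> with SMTP; <date>
# Assumption: the HELO part and an "ident@" prefix on the IP are optional.
QMAIL_HOP = re.compile(
    r"^from\s+(?P<rdns>\S+)\s+(?:\(HELO\s+(?P<helo>[^)]*)\)\s+)?"
    r"\((?:[^@\s)]*@)?(?P<ip>[0-9a-fA-F.:]+)\)\s+by\s")
# The pattern from the post, applied to the rDNS name only.
IP_IN_NAME = re.compile(r"\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[-.]\d{1,3}")

def newest_hop(raw_message):
    """Return rdns/helo/ip of the newest 'from ...' Received header, or None."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):   # topmost header is the newest
        hop = QMAIL_HOP.match(" ".join(value.split()))  # unfold continuations
        if hop:
            return hop.groupdict()
        if not value.lstrip().startswith("(qmail "):
            return None  # unknown format: never fall through to older hops
    return None

def spammy_rdns(raw_message):
    """True only when the directly connecting host's rDNS embeds an IP."""
    hop = newest_hop(raw_message)
    if hop is None or hop["rdns"] == "unknown":
        return False  # no rDNS to judge here
    return bool(IP_IN_NAME.search(hop["rdns"]))

# Constructed samples: a user relaying through an ISP, and a direct connection.
RELAYED = (
    "Received: (qmail 4242 invoked from network); 31 May 2007 02:02:28 -0000\n"
    "Received: from smtp.isp.example (192.0.2.25)\n"
    "  by qmail-02.example.net with SMTP; 31 May 2007 02:02:27 -0000\n"
    "Received: from 10-115-0-9.example.net (HELO laptop) (10.115.0.9)\n"
    "  by smtp.isp.example with SMTP; 31 May 2007 02:02:20 -0000\n"
    "Subject: constructed sample\n\nbody\n")
DIRECT = (
    "Received: from 10-115-0-9.example.net (HELO host.example.net) (10.115.0.9)\n"
    "  by qmail-02.example.net with SMTP; 31 May 2007 02:02:27 -0000\n"
    "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    print("relayed:", spammy_rdns(RELAYED), "direct:", spammy_rdns(DIRECT))
```

Older Received headers are supplied by the sender and can be forged, which is why an unparseable newest hop returns no match instead of moving down the chain.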