Jeremy Kister wrote:
> I've been thinking about flagging certain patterns in a remote host's
> reverse dns as spammy. I started to write a rule, but realized I could
> be doing more harm than good.
>
> running qmail, I have Received field in the header:
> Received: from 10-115-0-9.example.net (HELO host.example.net) (10.115.0.9)
>   by qmail-02.example.net with SMTP; 31 May 2007 02:02:27 -0000
>
> So I started:
> header JK_SPAMMY_RDNS Received =~ /\d{1,3}[-\.]\d{1,3}[-\.]\d{1,3}[-\.]\d{1,3}/
>
> But I realized that I need to match on only the most recent received
> field so that I don't penalize a legitimate end user who relayed through
> his isp. Another option may be to check the "TCPREMOTEHOST" environment
> variable.
>
> Can someone point me in the right direction on how to do either (or
> another way to do it altogether)?
>

You'll want to use the X-Spam-Relays-Untrusted metadata.

Look at how __RDNS_DYNAMIC_ADELPHIA works in 20_dynrdns.cf (assuming you're using 3.2.x).

That said, are you sure you really want to do this? SA already has a pretty extensive ruleset to detect this kind of thing built in.
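
Added example (not part of the original messages and not SpamAssassin's own code): a Python illustration of why the check belongs on the most recent untrusted relay's `rdns=` field rather than on every Received header. It assumes the relay metadata is a series of bracketed `key=value` entries with the most recent hop first; the function names and the sample strings are constructed for this example.

```python
import re

# Pattern from the post: four dash- or dot-separated octet-like groups.
DYN_RDNS = re.compile(r"\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[-.]\d{1,3}")
# Assumed layout of one relay entry: "[ ip=... rdns=... helo=... by=... ]".
ENTRY = re.compile(r"\[([^\]]*)\]")

def parse_relays(metadata):
    """Split relay metadata into dicts, most recent hop first."""
    relays = []
    for body in ENTRY.findall(metadata):
        fields = {}
        for token in body.split():
            key, sep, value = token.partition("=")
            if sep:
                fields[key] = value
        relays.append(fields)
    return relays

def handoff_rdns_is_spammy(metadata):
    """True only if the host that connected to our MX has IP-like rDNS."""
    relays = parse_relays(metadata)
    if not relays:
        return False  # no untrusted hop recorded
    # Look at rdns= only, so the literal ip= value can never match.
    return bool(DYN_RDNS.search(relays[0].get("rdns", "")))

def any_hop_is_spammy(metadata):
    """Hypothetical contrast: fires when any hop in the chain matches."""
    return any(DYN_RDNS.search(r.get("rdns", "")) for r in parse_relays(metadata))

# Constructed sample: a dynamic host connects straight to our server.
DIRECT = ("[ ip=10.115.0.9 rdns=10-115-0-9.example.net helo=host.example.net "
          "by=qmail-02.example.net ident= envfrom= intl=0 id= auth= msa=0 ]")
# Constructed sample: an end user on a dynamic address relays through the ISP.
VIA_ISP = ("[ ip=192.0.2.25 rdns=smtp.isp.example helo=smtp.isp.example "
           "by=qmail-02.example.net ident= envfrom= intl=0 id= auth= msa=0 ] "
           "[ ip=10.115.0.9 rdns=10-115-0-9.example.net helo=laptop "
           "by=smtp.isp.example ident= envfrom= intl=0 id= auth= msa=0 ]")

if __name__ == "__main__":
    for name, meta in (("DIRECT", DIRECT), ("VIA_ISP", VIA_ISP)):
        print(name, handoff_rdns_is_spammy(meta), any_hop_is_spammy(meta))
```

The `VIA_ISP` sample is the case the question worries about: the end user's dynamic address appears one hop back, so only the any-hop check fires on it.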