On Sun, 26 Aug 2007, Nikolay Shopik wrote:

> Just parse the Received headers in the message attached to the
> backscatter. You can easily see that this message was not sent by
> your server, and you can reject such backscatter, because you never
> sent such messages.

Not true any longer. The joe job I've been suffering from the last
month has forged Received: headers that make the spam appear to have
been sent from my MX to the bot that actually originated it. After
all, how hard is it to look up the MX for the domain you're forging as
the sender?

If you want to filter you'd need to keep a history of all the
Message-ID values your MTA had processed and compare to that.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174     pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  USMC Rules of Gunfighting #20: The faster you finish the fight,
  the less shot you will get.
-----------------------------------------------------------------------
 2 days until Exercise Your Rights day
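
The Message-ID history check suggested in the reply above, as an added example that is not part of the original post. It assumes the bounce attaches the original as `message/rfc822` or `text/rfc822-headers`; `SENT_IDS`, `make_bounce` and the example.org names are constructed for illustration.

```python
import email
from email import policy

# Constructed sample: Message-IDs this MTA actually processed (assumption:
# in practice these are harvested from the MTA's own logs).
SENT_IDS = {"<20070826.1001.abc@example.org>"}

def embedded_message_ids(raw_bounce: bytes) -> list:
    """Message-ID values of the original message(s) attached to a bounce."""
    bounce = email.message_from_bytes(raw_bounce, policy=policy.default)
    ids = []
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # headers-only attachment
            original = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        mid = original["Message-ID"]
        if mid:
            ids.append(str(mid).strip())
    return ids

def classify_bounce(raw_bounce: bytes, sent_ids: set) -> str:
    """Compare the attached original's Message-ID against the sent history."""
    ids = embedded_message_ids(raw_bounce)
    if not ids:
        return "unknown"   # nothing to compare; left to local policy
    return "genuine" if any(i in sent_ids for i in ids) else "backscatter"

def make_bounce(original_id: str) -> bytes:
    """Constructed sample bounce; its Received: line names our own MX."""
    return (
        "From: MAILER-DAEMON@mx.example.net\r\nTo: user@example.org\r\n"
        "Subject: Undelivered Mail Returned to Sender\r\nMIME-Version: 1.0\r\n"
        'Content-Type: multipart/report; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nDelivery failed.\r\n"
        "--b1\r\nContent-Type: message/rfc822\r\n\r\n"
        "Received: from mail.example.org by host.example.com\r\n"
        f"Message-ID: {original_id}\r\nFrom: user@example.org\r\n"
        "Subject: hello\r\n\r\nbody\r\n--b1--\r\n"
    ).encode()

if __name__ == "__main__":
    for mid in ("<20070826.1001.abc@example.org>", "<forged.999@example.org>"):
        print(mid, "->", classify_bounce(make_bounce(mid), SENT_IDS))
```

Both sample bounces carry the same plausible Received: line, so only the Message-ID lookup tells them apart.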
