Jeff Koch <[EMAIL PROTECTED]> wrote:
One of the problems is that the actual spam email is sometimes not
attached. But interestly enough we are usually sent the email header of
the original email. From that we (the humans) can easily spot that the IP
address of the mailserver claiming to be ours is, in fact, not. So, if
that line in the returned email header can be parsed perhaps a program
can validate the IP address.
It sounds like you could get that with a 'body' rule.
Check the precise format, but if you have something like this in the
original header, with your host's name...
(hostname.example.com [11.22.33.44])
...and that's not the right IP, that would be a good test. I realize
you're thinking of generalizing to any case where an apparent hostname
stands next to an apparent IP in text, but if you have a specific
problem it's OK to be specific.
Joseph Brennan
Columbia University Information Technology
