John Hardin wrote:
On Thu, 15 Oct 2009, Jason Haar wrote:
I just received what appeared to be a standard "certain north american
country" pharma spam that went straight by rules I have that normally
catch it. Within Thunderbird (and any other HTML-capable MUA) it's
blatantly shouting its wares. Clever usage of SPANs appears to enable it
to sneak straight by SA.
http://pastebin.com/m56d2db96
Received: from public30108.xdsl.centertel.pl (HELO marcin-8963fd6f) (79.163.117.156)
    by mailsrv1.trimble.co.nz with SMTP; 16 Oct 2009 04:09:42 +1300
You might want to consider instituting a HELO-no-dots reject at SMTP
time on your MTA. That rejects a _ton_ of garbage here.
The spans do look suspicious, I'm putting a rule into my sandbox...
John,
What are you using to filter on HELO-no-dots? I've looked at milter-regex,
but I can't get it to build on my Slackware 12 system.
Thanks,
Rick
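
A sketch of the HELO-no-dots check discussed in this thread, as an added example that is not code from any of the posters or from milter-regex: it extracts the HELO name from a Received header in the format quoted above and decides whether a no-dots policy would reject it. The function names, the reply strings, the second sample header and the choice to exempt bracketed address literals are assumptions made for illustration.

```python
import re

# Trace format quoted in the thread: from <rdns> (HELO <name>) (<ip>)
_HELO_IN_PARENS = re.compile(r"\bfrom\s+\S+\s+\((?:HELO|EHLO)\s+([^)\s]+)\)", re.I)
# Assumed fallback for the common "from <helo> (<rdns> [<ip>])" layout.
_FIRST_TOKEN = re.compile(r"\bfrom\s+(\S+)", re.I)


def helo_from_received(header):
    """Return the HELO/EHLO argument recorded in a Received header, or None."""
    unfolded = " ".join(header.split())  # undo header folding
    m = _HELO_IN_PARENS.search(unfolded) or _FIRST_TOKEN.search(unfolded)
    return m.group(1) if m else None


def helo_has_no_dots(helo):
    """True when the HELO argument is a bare single label such as a PC name."""
    name = helo.strip().rstrip(".")  # "localhost." is still a single label
    if name.startswith("[") and name.endswith("]"):
        # Address literal, e.g. [192.0.2.1] or [IPv6:2001:db8::1]; not a hostname.
        return False
    return "." not in name


def smtp_reply(helo):
    """Hypothetical SMTP-time policy: refuse clients whose HELO has no dots."""
    if helo_has_no_dots(helo):
        return "550 HELO name has no dots"
    return "250 ok"


# Header from the thread, followed by a constructed header for comparison.
FROM_THREAD = (
    "Received: from public30108.xdsl.centertel.pl (HELO marcin-8963fd6f) "
    "(79.163.117.156)\n    by mailsrv1.trimble.co.nz with SMTP; "
    "16 Oct 2009 04:09:42 +1300"
)
CONSTRUCTED = (
    "Received: from mail.example.org (mail.example.org [192.0.2.25])\n"
    "    by mx.example.net with ESMTP; 16 Oct 2009 04:10:00 +1300"
)

if __name__ == "__main__":
    for hdr in (FROM_THREAD, CONSTRUCTED):
        helo = helo_from_received(hdr)
        print(helo, "->", smtp_reply(helo))
```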