We're getting a boatload of To and From addresses starting with pipe characters on one of our clients' mailservers. The messages themselves don't appear particularly malicious -- the ones we've seen are just pill spam -- but there are craploads of them.
I was thinking about configuring an SA rule to just bump the scores up a few points (most of those that are getting thru seem to be scoring about 8 or 9), so adding a few points will push them into reject territory. Oh, and the client has historically allowed catch-all mail domains hence why so many of these are being delivered. We've managed to get them to not allow catch-alls now, but they still have 20-odd-thousand historical domains that haven't had the catch-alls removed yet.. So I'm just wondering if others encounter this with enough regularity, and if so what your thoughts and advice are. I don't particularly want to add rules into sendmail, so SA is my avenue of choice. Cheers -- Spiro Harvey Knossos Networks Ltd 021-295-1923 www.knossos.net.nz
signature.asc
Description: PGP signature
