Re: [EXIM] Problems with spam direct from PoPs

Author: Exim Users Mailing List
Date:  
To: Exim Users Mailing List
Subject: Re: [EXIM] Problems with spam direct from PoPs
[ On Wed, February 18, 1998 at 21:36:11 (+0000), Alan Thew wrote: ]
> Subject: Re: [EXIM] Problems with spam direct from PoPs
>
> Here is an example of spam from "Rapid Fire". (mailhub2 is one of our
> main hubs, mail.liv.ac.uk will soon be expired)
>
> ---------- Forwarded message ----------
> Return-Path: <postmaster@???>
> Delivery-Date: Fri, 13 Feb 1998 17:30:23 +0000
> Received: from mailhub2.liv.ac.uk by mail.liv.ac.uk with Local-SMTP (PP);
>           Fri, 13 Feb 1998 17:30:21 +0000
> Received: from hdn104-063.hil.compuserve.com [206.175.106.63]     
>           by mailhub2.liv.ac.uk with smtp (Exim 1.73 #2)    id 0y3OwO-0007dZ-00;
>           Fri, 13 Feb 1998 17:30:21 +0000
> From: 
> To: 
> Subject:  A Unique Email
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
> Message-Id: <E0y3OwO-0007dZ-00@???>
> Date: Fri, 13 Feb 1998 17:30:21 +0000

>


Unfortunately your Received header doesn't contain sufficient
information (or is at least ambiguous). I can't tell what the HELO/EHLO
greeting parameter was. My guess is it wasn't anything even approaching
the hostname which matches the IP address and its PTR name.

If that's the case, HELO name verification would put a quick end to this
kind of spam. To date I've not yet received any spam from a dial-up
port direct to my address that had a valid HELO name. Most of the
existing small-time spammer software allows the spammer to choose the
HELO value, or picks random values, etc., and it seems their egos force
them to use silly values in an attempt to obfuscate things even though
it makes them easy to stop.

If they do start sending valid envelopes then other means will be
necessary to stop them, and blocking based on domain names matching
dial-up pools is one of the best ways I can see.

[Your Received header syntax is also illegal, but I think that's been
fixed in more recent versions of Exim if you're using the default.]

-- 
                            Greg A. Woods


+1 416 443-1734      VE3TCP      <gwoods@???>      <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>


--
*** Exim information can be found at http://www.exim.org/ ***
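
The HELO name check and the dial-up pool block discussed in the message above, as an added example (not part of the original post and not Exim's own code). It is a Python sketch run over constructed DNS records; the host names, addresses and the `DIALUP_DOMAINS` list are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data standing in for a resolver (documentation names/ranges).
A_RECORDS = {
    "mail.example.org": {"192.0.2.10"},
    "dial-063.pool.example.net": {"192.0.2.63"},
    "www.example.com": {"192.0.2.80"},
}
PTR_RECORDS = {
    "192.0.2.10": "mail.example.org",
    "192.0.2.63": "dial-063.pool.example.net",
}
# Hypothetical list of domains whose hosts are dial-up ports.
DIALUP_DOMAINS = ("pool.example.net",)


def _norm(name):
    """Lower-case a DNS name and drop surrounding space and the root dot."""
    return name.strip().rstrip(".").lower()


def helo_verifies(helo, client_ip):
    """True if the HELO argument is consistent with the connecting address."""
    helo, ip = _norm(helo), str(ipaddress.ip_address(client_ip))
    if helo.startswith("[") and helo.endswith("]"):
        # Address literal: must be exactly the connecting address.
        try:
            return str(ipaddress.ip_address(helo[1:-1])) == ip
        except ValueError:
            return False
    # Name: accept if it is the PTR name, or if it resolves to the address.
    if helo and _norm(PTR_RECORDS.get(ip, "")) == helo:
        return True
    return ip in A_RECORDS.get(helo, set())


def is_dialup(client_ip):
    """True if the PTR name of the address falls in a listed dial-up domain."""
    ptr = _norm(PTR_RECORDS.get(str(ipaddress.ip_address(client_ip)), ""))
    return any(ptr == d or ptr.endswith("." + d) for d in DIALUP_DOMAINS)


def decide(helo, client_ip):
    """Apply the HELO check first, then the dial-up pool block."""
    if not helo_verifies(helo, client_ip):
        return "reject: HELO name does not verify"
    if is_dialup(client_ip):
        return "reject: dial-up pool"
    return "accept"
```

The last case in `decide` is the one the message anticipates: a dial-up client that sends a HELO name matching its own PTR passes the first check and is only stopped by the pool-domain match.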