Below is the set of headers from a spam source. Currently I've
got RSS, RBL, and DUL running on one of my servers; the other
is in the process of being upgraded.

It occurs to me that, with exim's filter and high configurability,
I can block stuff that is wildly out to lunch with
regard to headers.

E.g., in this case the putative From: is a domain that doesn't
match *anything* in the rest of the headers. The To: is
also forged.

So, does anyone have a start at doing a reasonable consistency
check on the headers as the basis for either a warn or auto
handler?

Sherwood Botsford | sherwood@???
Sorcerers Apprentice | Math Dept, U of A, Edmonton, AB T6G 2G1
System Administrator | Tel: 780 492 5728
Trouble shooter | Fax: 780 492 6826
---------- Forwarded message ----------
Received: from falcon.prod.itd.earthlink.net [207.217.120.74]
by spica.math.ualberta.ca with esmtp (Exim 2.05 #2)
id 13Dfuf-000384-00 ; Sat, 15 Jul 2000 22:20:21 -0600
Received: from compaq (PPPa90-ResaleChicagoMetro10-2R7120.saturn.bbn.com
[4.4.240.247])
by falcon.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with SMTP id VAA03034;
Sat, 15 Jul 2000 21:13:30 -0700 (PDT)
Date: Sat, 15 Jul 2000 21:13:30 -0700 (PDT)
From: subscriberinfo@???
Received: from login_0246.whynot.net (mx.whynot.net[206.212.231.88]) by
whynot.net (8.8.5/8.7.3) with SMTP id XAA07286 for sender422@???;
Sat, 15 July 2000 23:12:30 -0700 (EDT)
To: jparker@???
Subject: Information to subscribers
Reply-To: sample@???
X-PMFLAGS: 10322341.10
X-UIDL: 10293287_192832.222
Comments: Authenticated Sender is <user122@???>
Message-Id: <56639825_68007713>
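
Added example, not part of the original post: a standalone Python sketch (not an Exim filter) of the kind of header consistency check asked about above, run over a constructed copy of the forwarded headers. The `example.*` domains are placeholders for the addresses the archive redacted, and the function names and finding labels are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the forwarded headers; the example.* domains
# are placeholders for the addresses the list archive redacted.
SAMPLE = """\
Received: from falcon.prod.itd.earthlink.net [207.217.120.74]
 by spica.math.ualberta.ca with esmtp (Exim 2.05 #2)
 id 13Dfuf-000384-00 ; Sat, 15 Jul 2000 22:20:21 -0600
Received: from compaq (PPPa90-ResaleChicagoMetro10-2R7120.saturn.bbn.com
 [4.4.240.247]) by falcon.prod.itd.earthlink.net with SMTP id VAA03034;
 Sat, 15 Jul 2000 21:13:30 -0700 (PDT)
Date: Sat, 15 Jul 2000 21:13:30 -0700 (PDT)
From: subscriberinfo@example.com
Received: from login_0246.whynot.net (mx.whynot.net[206.212.231.88]) by
 whynot.net (8.8.5/8.7.3) with SMTP id XAA07286 for sender422@example.org;
 Sat, 15 July 2000 23:12:30 -0700 (EDT)
To: jparker@example.net
Message-Id: <56639825_68007713>

"""

def org_domain(addr):
    """Last two labels of the address domain (assumption: no public-suffix list)."""
    domain = parseaddr(addr)[1].rpartition("@")[2].lower()
    return ".".join(domain.split(".")[-2:])

def check_headers(raw):
    """Return a list of consistency findings for one message's headers."""
    msg = message_from_string(raw)
    names = [k.lower() for k in msg.keys()]
    received = [" ".join(v.split()).lower() for v in msg.get_all("Received", [])]
    findings = []
    # 1. The From: domain should appear somewhere in the relay trail.
    dom = org_domain(msg.get("From", ""))
    if dom and not any(dom in r for r in received):
        findings.append("from-domain-not-in-received")
    # 2. MTAs prepend Received:, so one below other headers came from the sender.
    first_other = next((i for i, n in enumerate(names) if n != "received"), len(names))
    if "received" in names[first_other:]:
        findings.append("received-below-other-headers")
    # 3. A Message-Id is <local@domain>; missing or bare tokens are malformed.
    if not re.fullmatch(r"<[^<>@\s]+@[^<>@\s]+>", msg.get("Message-Id", "").strip()):
        findings.append("bad-message-id")
    return findings

if __name__ == "__main__":
    print(check_headers(SAMPLE))
```

Check 1 also fires on plenty of legitimate mail (hosted domains, mailing-list traffic), so it suits a warn header or a score better than an outright reject.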