Re: [Exim] spam blocking...

Top Page
Delete this message
Reply to this message
Author: I.S. Manager
Date:  
To: exim-users
Subject: Re: [Exim] spam blocking...
As a general question, I'd like to know the answers too. As a specific
item, I've just blocked all mail from *.prod.itd.earthlink.net

At 10:57 AM 7/18/00 -0600, you wrote:
>
>
>Below is the set of headers from a spam source. Currently I've
>got RSS, RBL, and DUL running on one of my servers, the other
>is in process of being upgraded.
>
>It occurs to me that with exim's filter and high configurability
>that I can block stuff that is wildly out to lunch with
>regards to headers.
>
>E.g. In this case the putative From: is a domain that doesn't
>match *anything* in the rest of the headers. The To: is
>also forged.
>
>So, does anyone have a start at doing a reasonable consistency
>check on the headers as the basis for either a warn or auto
>handler?
>
>
>Sherwood Botsford     | sherwood@???
>Sorcerers Apprentice    | Math Dept, U of A, Edmonton, AB T6G 2G1
>System Administrator    | Tel: 780 492 5728 
>Trouble shooter            | Fax: 780 492 6826

>
>---------- Forwarded message ----------
>Received: from falcon.prod.itd.earthlink.net [207.217.120.74] 
>    by spica.math.ualberta.ca with esmtp (Exim 2.05 #2)
>    id 13Dfuf-000384-00 ; Sat, 15 Jul 2000 22:20:21 -0600
>Received: from compaq (PPPa90-ResaleChicagoMetro10-2R7120.saturn.bbn.com
>    [4.4.240.247])
>    by falcon.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with SMTP id VAA03034;
>    Sat, 15 Jul 2000 21:13:30 -0700 (PDT)
>Date: Sat, 15 Jul 2000 21:13:30 -0700 (PDT)
>From: subscriberinfo@???
>Received: from login_0246.whynot.net (mx.whynot.net[206.212.231.88]) by
>    whynot.net (8.8.5/8.7.3) with SMTP id XAA07286 for sender422@???; 
>    Sat, 15 July 2000 23:12:30 -0700 (EDT)
>To: jparker@???
>Subject: Information to subscribers
>Reply-To: sample@???
>X-PMFLAGS: 10322341.10
>X-UIDL: 10293287_192832.222
>Comments: Authenticated Sender is <user122@???>
>Message-Id: <56639825_68007713>

>
>
>
>
>--
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim

details at http://www.exim.org/ ##
>

---
Dennis Taylor
---
The opinions expressed herein are mine. Get your own opinions!
---