Re: [Exim] filtering ideas for stopping spam: Message-Id

Author: Dave C.
Date:  
To: Marc MERLIN
CC: Jeremy C. Reed, exim-users
Subject: Re: [Exim] filtering ideas for stopping spam: Message-Id
One thing this lets through is messages which have NO Message-ID:
header, since exim adds a proper one if it is missing completely.

Wishlist for Exim4: The ability to specify where messages with a
completely missing Message-ID are accepted from (a desirable setting
would be "any hosts in host_accept_relay, or any host that has
successfully authenticated" - to allow one's own users/customers that may
have broken MUAs through, but outside hosts delivering mail for you
must have a proper message id..)

Actually, this probably won't be of much use for long, since the spammers
would just start putting in valid message IDs.. sigh..

In fact, once ANY anti-spam practice becomes commonplace, spammers find
a way around it..

(OT) By the way, anyone running formmail? Check your logs on that
machine. Formmail has a wide-open security hole and it is now becoming
common for spammers to use your formmail to relay their spam.. Matt's
Script Archive actually has an update - it involves maintaining a list
of authorized formmail recipients..

On Mon, 20 Aug 2001, Marc MERLIN wrote:

> On Mon, Aug 20, 2001 at 09:30:17AM -0700, Jeremy C. Reed wrote:
> > Sometimes I receive spam with no Message-Id or it is set to <>.
> >
> > Does anyone have any advice on whether I should block mail with
> > missing Message-Id or set to "<>"? (Does anyone have success with this?)
>
> Yes, I do.
>
> From my system_filter:
>
> if $header_message-id matches "<[^>]+@>"
> then
> logfile /var/log/exim/nullmesgidbouncedemail.log 0600
> logwrite "$tod_log $message_id envelope: $sender_address, From: $h_from ($sender_host_name[$sender_host_address]) => $recipients (recipients=$recipients_count) subject=$header_subject\n$message_headers"
>
>   # Let's not bounce errors or mails back to us :-)
>   if not error_message
>   then
>     fail text "Sorry, but your message-ID is broken, apparently because your\n\
>              hostname isn't set right\n\
>              You need to fix this before you can send us mail.\n"
>   endif
>
> save /var/spool/exim/rejects/nullmesgidbouncedemail 0644
> seen finish
> endif
>


--
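
The checks discussed in this thread, as an added Python example that is not part of the original messages and not Exim code: it sorts a message into the three cases mentioned (no Message-ID header, `<>`, and the `<local@>` form matched by the quoted filter) and applies the wishlist rule that only relay hosts or authenticated senders may omit the header. The function names, the sample messages (constructed) and the choice to reject `<>` and `<local@>` from every source are assumptions.

```python
import re
from email import message_from_string

# Same pattern as the quoted system filter: local part, "@", then no domain.
EMPTY_DOMAIN = re.compile(r"<[^>]+@>")

def classify_message_id(raw_message):
    """Return 'missing', 'empty', 'no-domain' or 'ok' for the Message-ID header."""
    value = message_from_string(raw_message)["Message-ID"]
    if value is None:
        return "missing"          # header absent; the MTA would add its own
    value = value.strip()
    if value in ("", "<>"):
        return "empty"
    if EMPTY_DOMAIN.search(value):
        return "no-domain"        # sender's hostname was not set
    return "ok"

def accept(raw_message, from_relay_host=False, authenticated=False):
    """Wishlist policy: only trusted senders may omit Message-ID (assumed shape)."""
    verdict = classify_message_id(raw_message)
    if verdict == "ok":
        return True
    if verdict == "missing":
        return from_relay_host or authenticated
    return False                  # assumption: broken IDs rejected from any source

# Constructed sample messages, one per case.
SAMPLES = {
    "missing": "From: a@example.org\nSubject: hi\n\nbody\n",
    "empty": "From: a@example.org\nMessage-Id: <>\n\nbody\n",
    "no-domain": "From: a@example.org\nMessage-Id: <20010820.1234@>\n\nbody\n",
    "ok": "From: a@example.org\nMessage-Id: <20010820.1234@mail.example.org>\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_message_id(raw),
              "outside:", accept(raw),
              "authenticated:", accept(raw, authenticated=True))
```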