Re: [Exim] SPAM from secondary mail servers that you can not…

Author: Vadim Vygonets
Date:  
To: exim-users
Subject: Re: [Exim] SPAM from secondary mail servers that you can not control
Quoth Dave C. on Fri, Jan 25, 2002:
> On Fri, 25 Jan 2002, Terry Shows wrote:
> > Does anybody know of a way to search ALL of the "Received:" headers in a
> > message to see if it originally came from a known spammer, no matter how
> > many other machines it may have been routed through.
>
> Since there is absolutely no standard format for the Received: header
> this would be very difficult.


Is there no standard format for the Received: header, really?
RFC 2821, chapter 4.4, verses 1-5, pages 49-50:

#   When an SMTP server receives a message for delivery or further
#   processing, it MUST insert trace ("time stamp" or "Received")
#   information at the beginning of the message content, as discussed in
#   section 4.1.1.4.
#
#   This line MUST be structured as follows:
#
#   -  The FROM field, which MUST be supplied in an SMTP environment,
#      SHOULD contain both (1) the name of the source host as presented
#      in the EHLO command and (2) an address literal containing the IP
#      address of the source, determined from the TCP connection.
#
#   -  The ID field MAY contain an "@" as suggested in RFC 822, but this
#      is not required.
#
#   -  The FOR field MAY contain a list of <path> entries when multiple
#      RCPT commands have been given.  This may raise some security
#      issues and is usually not desirable; see section 7.2.


And there's a formal definition of the Received: header on page
52 of the RFC.

Vadik.

--
Strange Fruit.  A brilliant way to describe
somebody hanging from a tree...
        -- Marcus Miller
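
Added example, not part of the original post or of Exim: a sketch of the check asked about in the thread, which walks every Received: header, reads the FROM clause in the structure the RFC text above requires, and compares the bracketed address literal against a blocklist. The function names, the regular expressions and the sample message are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# FROM clause as structured in the RFC text quoted above: the EHLO name,
# then a parenthesised part holding the bracketed address literal.
FROM_RE = re.compile(r"^from\s+(?P<helo>\S+)\s*\((?P<tcp>[^)]*)\)", re.I)
LITERAL_RE = re.compile(r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]")

def received_hops(raw_message):
    """One (helo, ip) per Received: header, newest first; (None, None) for
    headers that do not follow the structure. Headers below the first hop
    you operate are text supplied by the sender and can be forged."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        m = FROM_RE.match(" ".join(value.split()))  # unfold continuation lines
        if not m:
            hops.append((None, None))
            continue
        lit = LITERAL_RE.search(m.group("tcp"))
        try:
            ip = ipaddress.ip_address(lit.group("ip")) if lit else None
        except ValueError:
            ip = None
        hops.append((m.group("helo"), ip))
    return hops

def blocked_hops(raw_message, blocklist):
    """Hops whose connection address falls inside any blocklisted network."""
    nets = [ipaddress.ip_network(n) for n in blocklist]
    return [(h, ip) for h, ip in received_hops(raw_message)
            if ip is not None and any(ip in n for n in nets)]

# Constructed sample message (documentation addresses, not real traffic).
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [198.51.100.7])
\tby mail.example.org with esmtp id EXAMPLE-1
\tfor <user@example.org>; Fri, 25 Jan 2002 10:00:02 +0000
Received: from bulk.example.com (unknown [203.0.113.45])
\tby mx2.example.net with SMTP id EXAMPLE-2; Fri, 25 Jan 2002 09:59:58 +0000
Received: (local submission, uid 0); 25 Jan 2002 09:59:00 -0000
From: sender@example.com
Subject: test

body
"""

if __name__ == "__main__":
    for helo, ip in blocked_hops(SAMPLE, ["203.0.113.0/24"]):
        print(helo, ip)
```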