Re: [Exim] RE: Rejecting forged local addresses

Top Page
Delete this message
Reply to this message
Author: Dr Andrew C Aitchison
Date:  
To: Richard, WhidbeyNet NOC
CC: miles, exim-users
Subject: Re: [Exim] RE: Rejecting forged local addresses
On Tue, 23 Jul 2002, Richard, WhidbeyNet NOC wrote:

> What if you reject a message when the number of RCPT's is more than 1,
> the IP address is not in relays, and the MAIL FROM is a local address?
> Since forwards, and mailing lists, usually address messages to 1 RCPT
> only.


I've personally received two spams today pupporting to be sent by me
which were only sent to me, so I doubt that the number of RCPT's will
help.

Looking at the headers in my pile of spam, I see that several of
the ones to and from me have an out of order Received header
pporting to havbe come through a non-existant host in my domain, eg:

Received: from dpmms.cam.ac.uk by 619U5T.dpmms.cam.ac.uk with SMTP for
a.c.aitchison@???; Tue, 23 Jul 2002 04:08:40 -0500

I don't have, and never have had a host 619U5T.dpmms.cam.ac.uk.
I also note that that machine is in a different time zone from me.

However these signs of a spam would appear more appropriate for
something like spam assassin than a simple filter :-(.

--
Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna