Quite well targeted rules, especially the "squid" one, but low hit rate here.
I have just checked my 700MB of mail folders for CacheFlow and squid
in the headers and, I think.., I just got junk (I have about 7000
spam emails in the trash). It is not common here, a total of perhaps
5 emails (in many years) for CacheFlowServer (no space though) and
about 100 for squid. But I am not sure they are both from ident
calls, perhaps sendmail (no more here) changed the way it logged it.
For CacheFlowServer in particular I always got
CacheFlowServer@[w.x.y.z] instead of ident:...
The low numbers of hits might have been the result of rbl lists kicking in.
Giuliano
At 11:10 +0200 2002/12/09, sharun@??? wrote:
> deny condition = ${if eq{$sender_ident}{squid}{yes}{no}}
> message = Hacked proxy ? Go away!
>
> deny condition = ${if eq{$sender_ident}{CacheFlow Server}{yes}{no}}
> message = Hacked proxy ? Go away!
>
>
>Alan J. Flavell wrote:
>>
>> There's a class of event which shows up in the logs as e.g
>>
>> 2002-12-07 00:42:43 H=(nric) [200.160.36.13] (CacheFlow Server)
>> F=<wvdvn@???> rejected RCPT...
>>
>> Am I right in thinking that "CacheFlow Server" here is always
>> indicative of an open proxy? What actually _is_ this item of data in
>> the mainlog, I'm having a hard time finding it documented in chapter
>> 44. I'm suspicious that it might be the rfc1413 "ident", but then why
>> isn't it prefixed with "U=" as indicated in 44.12?
>>
>> Does anyone block mail on the basis of this indication, and if so,
>> could they offer an exim4 recipe for it, please? It seems to be quite
> > a pestilence.
--
H U M P H
|| |||
software
Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
