RE: [Exim] New AOL Mailer for forgery filter (for Exim 4.x)

Author: Giuliano Gavazzi
Date:  
To: Jeffrey Wheat
CC: Exim users list
Subject: RE: [Exim] New AOL Mailer for forgery filter (for Exim 4.x)
At 15:08 -0500 2002/12/19, Jeffrey Wheat wrote:
>While this works great for web-based mail clients, this
>is rejecting valid emails sent by AOL cable modem users
>that are using outlook or other email clients. Has anyone
>come up with a better way to handle AOL abused addresses?
>
>Thanks
>Jeff
>


I have a very generic rule that I only apply to sender addresses
satisfying certain spam criteria. The spam criteria are a mixture of
length of local part, patterns in local part or domain (including
domain containing aol/msn/hot/etc.). The rejection criteria
(temporary or permanent) go from host verification (DNS), to
consistency of HELO with the host address.
Unfortunately there are a number of system administrators who think
they can disregard the proper configuration of their DNS and even
ignore reports of incorrect reverse DNS (in one case a large company,
subsidiary of Motorola, has set the reverse of one of their
mailservers to an inexistent domain). There are also a number of ISPs
who do not provide reverse DNS at all for some of their zones.

Most of the administrators out there do a good job, and this helps in
identifying spam. With my rules I have almost removed spam from my
domain, and I do not use any rbl lists.

Anyway, if you really want to only check aol and similar, an HELO
check is almost 100% accurate (of course, it would not take much for
a spammer to get through it, but the nature of my checks means that I
am then able to identify either the source or the open relay owner).

Before I am accused of being too strict, may I say that all the
examples I saw in the relevant RFCs did report an HELO argument that
looked like a bona fide fully qualified domain name. Of course there
is no way to check that this was indeed the case, but the term
"hostname" is used there and the unix utility "host", as the man page
says, looks up host names using domain server. It is hard to argue
that a hostname is whatever we decide to call a machine.
Thus I think that incorrect naming of mail servers is indeed in
breach of RFCs and should perhaps be one of the tests of
rfc-ignorant.org (or whatever its name is).

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
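
The selective checking described in the message above, sketched as an added Python example (not part of the original post and not the author's Exim configuration): host and HELO verification run only for senders that match the spam criteria. The patterns, length threshold, function names and the split between temporary and permanent rejection are assumptions, and the DNS data is a constructed offline table.

```python
import re

# Assumed stand-ins for the post's unspecified "spam criteria".
SUSPECT_DOMAIN = re.compile(r"aol|msn|hot", re.IGNORECASE)
SUSPECT_LOCAL = re.compile(r"\d{4,}")  # long digit run in the local part
MAX_LOCAL_LEN = 20

class TempFail(Exception):
    """A DNS lookup could not be completed (timeout, SERVFAIL)."""

def is_suspect(sender):
    local, _, domain = sender.rpartition("@")
    return (len(local) > MAX_LOCAL_LEN
            or bool(SUSPECT_LOCAL.search(local))
            or bool(SUSPECT_DOMAIN.search(domain)))

def make_resolver(table):
    """Offline resolver over a constructed table; None marks a temporary failure."""
    def lookup(key):
        value = table.get(key.lower().rstrip("."), [])
        if value is None:
            raise TempFail(key)
        return value
    return lookup

def check_sender(sender, helo, ip, ptr, addr):
    """Return (verdict, reason); verdict is 'accept', 'defer' or 'reject'."""
    if not is_suspect(sender):
        return "accept", "sender not suspect, host checks skipped"
    try:
        names = ptr(ip)
        if not names:
            return "reject", "no reverse DNS for connecting host"
        if not any(ip in addr(name) for name in names):
            return "reject", "reverse DNS name does not resolve back to host"
        if ip not in addr(helo):
            return "reject", "HELO name does not resolve to connecting host"
    except TempFail:
        return "defer", "DNS lookup failed temporarily"
    return "accept", "host and HELO verified"

# Constructed sample data (documentation address ranges, example domains).
PTR = make_resolver({
    "192.0.2.10": ["mail.example.net"],
    "192.0.2.20": ["gone.example.invalid"],  # reverse points at a dead name
    "198.51.100.7": None,                    # lookup times out
})
ADDR = make_resolver({"mail.example.net": ["192.0.2.10"]})
```

A sender that does not match the criteria is accepted without any DNS lookup, so misconfigured but unsuspicious hosts are not affected.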