On Mon, 4 Aug 2003, Andrew - Supernews wrote:
> Checking ident allows you to do one useful thing, which is to reliably
> reject mail from Cacheflow proxies; we reject 50-100 connects/day for
> that reason alone. e.g.:
>
> deny condition = ${if eq{$sender_ident}{CacheFlow Server} {yes}{no}}
Not forgetting "squid", though we get rather fewer of those.
> works as specified, but you don't want to reject mail based on it (for
> example, Hotmail servers helo as hotmail.com, which doesn't verify).
However, their server names *do* all _end_ with hotmail.com, and there
are plenty of spammers who present 'hotmail.com' as their HELO domain,
so it may well be worth a substring test.
cheers
