Tom Kistner said:
> Suresh Ramasubramanian wrote:
>
>> 2. mail from: *@yahoo.* from an IP that doesn't have rDNS / has generic
>> cable / dsl looking rDNS = fake
>
> You have a recipe (regex list?) for matching cable / dsl looking rDNS
> entries? That would be quite nice :P

I've been using a rule in SpamAssassin for that with decent results.
header POOL_WARNING1 Received =~
/\.atlantabroadband\.com|customer|ppp|poole?s?
|modem|cable|node|adsl|dial|dsl|client|(insight|tampabay|maine|nyc|nc|cinci)
\.rr\.com|vc\.shawcable\.net|se\.client..?\.attbi\.com|\.(east|west)
\.verizon\.net|(nj|sc)\.comcast\.net|\.dis\.net|\.charter\.com|metropolis\-inter\.com/i
describe POOL_WARNING1 Contains likely dsl address in header
score POOL_WARNING1 2.0
http://exim.got-there.com/forums/viewtopic.php?p=532#532
Note that the first line of the rule is quite long and is broken up on the
posting. There is a header, describe and score line.
--
Kevin W. Reed - TNET Services, Inc.
Unofficial Exim MTA Info Forums -
http://exim.got-there.com/forums
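
Added example, not part of the original posts: the POOL_WARNING1 pattern rejoined into one expression and combined with the "*@yahoo.* from an IP with no or generic rDNS" check quoted above. The function names, the sender regex and the sample hostnames are constructed for illustration, and the pattern is applied to the connecting host's rDNS name rather than to the whole Received header.

```python
import re

# POOL_WARNING1 from the post, wrapped pieces rejoined with no whitespace
# at the joins and every literal dot escaped.
POOL_RE = re.compile(
    r"\.atlantabroadband\.com|customer|ppp|poole?s?"
    r"|modem|cable|node|adsl|dial|dsl|client"
    r"|(insight|tampabay|maine|nyc|nc|cinci)\.rr\.com"
    r"|vc\.shawcable\.net|se\.client..?\.attbi\.com"
    r"|\.(east|west)\.verizon\.net|(nj|sc)\.comcast\.net"
    r"|\.dis\.net|\.charter\.com|metropolis\-inter\.com",
    re.IGNORECASE,
)

# Assumed translation of the glob "*@yahoo.*" into a regex.
YAHOO_RE = re.compile(r"@yahoo\.[a-z0-9.-]+$", re.IGNORECASE)


def no_or_generic_rdns(rdns):
    """True when the host has no rDNS (None) or the name matches the pool pattern."""
    return rdns is None or POOL_RE.search(rdns) is not None


def likely_forged_yahoo(mail_from, rdns):
    """Yahoo envelope sender arriving from a host with no or generic rDNS."""
    return YAHOO_RE.search(mail_from) is not None and no_or_generic_rdns(rdns)


# Constructed samples: (envelope sender, rDNS of connecting IP or None).
SAMPLES = [
    ("someone@yahoo.com", "c-203-0-113-7.nj.comcast.net"),   # regional pool name
    ("someone@yahoo.co.uk", None),                           # no rDNS at all
    ("someone@yahoo.com", "mta1.mail.example.net"),          # plain server name
    ("user@example.org", "adsl-198-51-100-9.example.net"),   # pool, but not a Yahoo sender
    # The alternatives are unanchored substrings, so "node" inside an
    # ordinary server name also hits: a false positive.
    ("someone@yahoo.com", "smtp.nodeworks.example"),
]

if __name__ == "__main__":
    for sender, rdns in SAMPLES:
        print(f"{sender:22} {str(rdns):32} "
              f"generic={no_or_generic_rdns(rdns)} "
              f"forged={likely_forged_yahoo(sender, rdns)}")
```

The last sample shows why the rule is used as a 2.0 score contribution rather than a hard reject: short words such as "node" or "client" match inside unrelated hostnames.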