Author: Alan J. Flavell
Date:
To: Exim users list
Subject: Re: [Exim] variation on dns blacklists

On Mon, 22 Dec 2003, Don Walker wrote:
> My Exim 4.20 receives mail for a user whose mail is forwarded from another
> service with a constant ip address (1st 3 octets), thereby negating my
> normal dns blacklist spam blocking measures. However, the ip address which
> sent the message to the forwarding service is within the headers. I'm
> wondering if/how I can extract that ip address and use it to check against
> dns blacklists.

Look for the subject ".forward files and spam leaks" in the list
archive. Should get you started.

The recipes mentioned there are only useful if you can clearly
identify (i.e. in the Received: headers) a few mailers which are
delivering spam in this way. I suspect it would need major ingenuity
to extend it to a wide range of senders. But you said you have a
specific one in mind; in our case, there's a handful of forwarding
sites that are of particular relevance (although each of them seems to
have several different routes for spam, and we need to identify each
of them in order to make the spell really effective).
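
Added example (not from the original post, and not the list-archive recipes it refers to): a Python sketch of the check being discussed, which trusts only the Received: header written by an identified forwarder and builds the DNS blacklist query name for the address recorded there. The forwarder network, host names, sample message and the zone "dnsbl.example" are constructed placeholders, and it assumes the message is read after local delivery, so the top Received: header was written by your own server.

```python
import email
import ipaddress
import re
import socket

# Constructed sample message; every address is from a documentation range.
SAMPLE = """\
Received: from fwd1.forwarder.example ([192.0.2.17])
\tby mx.local.example with esmtp; Mon, 22 Dec 2003 10:00:02 +0000
Received: from unknown (HELO mail.sender.example) ([203.0.113.45])
\tby fwd1.forwarder.example with SMTP; Mon, 22 Dec 2003 10:00:00 +0000
Received: from trusted.example ([198.51.100.9]) by forged.example; Mon, 22 Dec 2003 09:00:00 +0000
Subject: constructed test

body
"""

FORWARDER_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed forwarder range
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def peer_ip(received):
    """Return the first bracketed IPv4 address in one Received: value, or None."""
    m = IP_IN_BRACKETS.search(received)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:  # e.g. [999.1.1.1]
        return None

def upstream_ip(raw_message, forwarder_net=FORWARDER_NET):
    """Address that handed the message to the forwarder, or None if not forwarded."""
    hops = email.message_from_string(raw_message).get_all("Received", [])
    if len(hops) < 2:
        return None
    ours = peer_ip(hops[0])  # written by our own server, so trustworthy
    if ours is None or ours not in forwarder_net:
        return None  # not via the forwarder: the normal connection check applies
    return peer_ip(hops[1])  # written by the forwarder; deeper hops can be forged

def dnsbl_name(ip, zone):
    """Reverse the octets and append the blacklist zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the zone returns an A record for ip; lookup errors fail open."""
    try:
        resolve(dnsbl_name(ip, zone))
        return True
    except OSError:
        return False
```

Each additional route through a forwarding site would need its own entry in the trusted network test, since a header is only believed when the hop above it is a known forwarder.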