[Exim] Scanning Received: headers for Dialups

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Exim User's Mailing List at ->
Delete this message
Reply to this message
Author: Glenn Carver
Date:  
To: exim-users
Subject: [Exim] Scanning Received: headers for Dialups
I've been looking at the spam still getting through our filters and
most of it is from dialups not listed in the DNSBLs.

I noticed that it is common for dialup lines to have names with many
'-'s in them.
e.g.

Received: from [80.162.59.221] (helo=x1-6-00-00-b4-5a-56-60.k250.webspeed.dk)

I was wondering whether a workable spam filter would be one which
checked the last listed Received: header for a string which included
(say) 4 '-'s in the leftmost part of the domain.

Would this approach work as a way of identifying dialups?

Glenn



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-RE: [Exim] spamd breaking EXIM[Exim] How to test DNS-Deny lists->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)