Re: [Exim] Spam due to forgeries out domains hosted by outbl…

Top Page
Delete this message
Reply to this message
Author: Odhiambo G. Washington
Date:  
To: exim-users
Subject: Re: [Exim] Spam due to forgeries out domains hosted by outblaze
* Suresh Ramasubramanian <linux@???> [20040218 13:02]: wrote:
> <quote who="Odhiambo G. Washington">
> > We receive a lot of spam with forged sender addresses bearing domain
> > names hosted by Outblaze. I have spoken to the man in the driver's
> > seat at hotblaze (Hi Suresh) and he's given me some valuable advise.
>
> They are not just a problem at your end. And god knows, I've posted these
> filters several times in the past.
>
> 1. If you see ".mr.outblaze.com" in any Received: header --> forged spam.
>
> 2. If you see HELO mail.com, HELO email.com etc --> forged spam



Could you kindly let me know what you see could be amiss with these two
rules, because some spammers manage to bypass them...


deny    message       = We do not accept helos from mail.com or email.com
        condition     = ${if match{$sender_helo_name}{\N^e?mail\\.com\N}{yes}{no}}


deny    message       = HELO of outblaze.com not from an outblaze address
        !hosts        = 205.158.62.0/24 : 202.86.166.0/24: 210.177.227.128/28 : 203.86.162.161/28
        condition     = ${if eq{$sender_helo_name}{outblaze.com}{yes}{no}}




        cheers
       - wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington                     . WANANCHI ONLINE LTD (Nairobi, KE)  |
<wash at wananchi dot com>              . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223                 . # 10286, 00100 NAIROBI             |
GSM: (+254) 733 744 121                 . (+254) 020 313 985 - 9             |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"
                         --from a /. post