* Suresh Ramasubramanian <linux@???> [20040218 13:02]: wrote:
> <quote who="Odhiambo G. Washington">
> > We receive a lot of spam with forged sender addresses bearing domain
> > names hosted by Outblaze. I have spoken to the man in the driver's
> > seat at hotblaze (Hi Suresh) and he's given me some valuable advice.
>
> They are not just a problem at your end. And god knows, I've posted these
> filters several times in the past.
>
> 1. If you see ".mr.outblaze.com" in any Received: header --> forged spam.
>
> 2. If you see HELO mail.com, HELO email.com etc --> forged spam

I am following through on the above two suggestions and would like to
request comments. I have written the following rule to use in my
RCPT ACL, following Suresh's 1st advice.
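
# Skip the check for connections from the listed host ranges.
deny    message     = OUTBLAZE forgery. Go away! This is not from outblaze address
        !hosts      = 205.158.62.0/24 : 202.86.166.0/24 : 210.177.227.128/28 : 203.86.162.161/28
        # True when HELO is outblaze.com and a Received: header contains
        # ".mr.outblaze.com" (dots escaped; \N stops Exim expanding the regex).
        condition   = ${if and { \
                        {eq {$sender_helo_name}{outblaze.com}} \
                        {match {$h_Received:}{\N\.mr\.outblaze\.com\N}} \
                      } \
                      {yes}{no}}
        log_message = OUTBLAZE FORGERY: HELO from $sender_helo_name with ($sender_host_name)
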
I am mostly worried about the condition, esp the $h_Received part ;)
cheers
- wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) |
<wash at wananchi dot com> . 1ere Etage, Loita Hse, Loita St., |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"
--from a /. post
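
Added example, not part of the original post: one way to lay out the two quoted filters as Exim ACL stanzas, assuming ACLs named by acl_smtp_rcpt and acl_smtp_data. Exim populates $h_Received: only after the message headers have been read, so the Received: test is placed in the DATA ACL while the HELO test can run at RCPT time. The host ranges are the ones from the post, and the HELO names are limited to the two quoted there.

```exim
# Added example, not from the original post.

# --- In the ACL named by acl_smtp_rcpt -------------------------------
# Filter 2: HELO claims one of the quoted domains, but the connecting
# host is outside the ranges listed in the post.
# (?i) makes the match case-insensitive; \N...\N stops Exim from
# expanding the backslashes and "$" inside the regex.
deny    message     = OUTBLAZE forgery. Go away! This is not from outblaze address
        !hosts      = 205.158.62.0/24 : 202.86.166.0/24 : \
                      210.177.227.128/28 : 203.86.162.161/28
        condition   = ${if match{$sender_helo_name}{\N(?i)^(mail|email)\.com$\N}}
        log_message = OUTBLAZE FORGERY: HELO from $sender_helo_name with ($sender_host_name)

# --- In the ACL named by acl_smtp_data -------------------------------
# Filter 1: ".mr.outblaze.com" in any Received: header.
# $h_Received: is the concatenation of all Received: headers, so one
# unanchored match covers every hop. It is empty at RCPT time, which is
# why this stanza lives in the DATA ACL.
deny    message     = OUTBLAZE forgery. Go away! This is not from outblaze address
        !hosts      = 205.158.62.0/24 : 202.86.166.0/24 : \
                      210.177.227.128/28 : 203.86.162.161/28
        condition   = ${if match{$h_Received:}{\N(?i)\.mr\.outblaze\.com\N}}
        log_message = OUTBLAZE FORGERY: .mr.outblaze.com in Received: from $sender_host_address
```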