Re: [exim] an ACL snippet

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Ted Cooper
Datum:  
To: exim-users
Betreff: Re: [exim] an ACL snippet
Stanislaw Halik wrote:
> Heya,
>
> I just came out with something like this:
>
>  deny !condition  = ISAUTH
>       !senders    = :
>       message     = No "Received:" header found in message.
>       log_message = No "Received:" header found in message. RCPT: $recipients
>       condition   = ${if ={$received_count}{1}}

>
> As far as I know, MTAs are obligated to send "Received:" headers. This
> seems to be catching spam not caught otherwise.
>
> Just in case you were interested.
>


Would this actually catch anything though? Even the most primitive
spambots seem to make an attempt at making a fake Recieved: header. In
the last week, not one of the messages sitting in my spam traps is
missing a received header (obviously not including the one my server adds).

eg. The headers provided by one of the messages crafted specifically
break bayes scanning:

[quote]
Received: from 205.167.185.130 (HELO mailgateway.Car-Part.com)
      by linuxwan.net with esmtp (,>06TA2,. 3ZT5/)
      id 53,.9G-(U7.KX-W'
      for exim@???; Wed, 20 Sep 2006 19:52:15 -0120
From: Melvin <deboranm@???>
To: <exim@???>
Date: Wed, 20 Sep 2006 19:52:15 -0120
Message-ID: <01c6dcee$45aab3a0$6c822ecf@deboranm>
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="----=_NextPart_000_000A_01C6DD07.6AF7EBA0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1437
Thread-Index: Aca6Q'3,HSY;+*4DZ--A?D52I)'7V6==
[/quote]


I guess the important thing to ask is, does it work well for you?

Ted.