Hi !!
> I'm getting more and more spam from webmail sites like hotmail, and i
> was wondering if it was possible to write an acl to check the
> X-originating-IP header against blacklists. i thought it would be a
> simple task, but i've failed. perhaps somebody could clue me in :-)
the problem of using this is that many users have dinamically assigned
ip addresses, so some users will get blacklisted ip's without having
ever send a virus or spam message, so take care of avoid using this on
mailing list mail and trusted senders (you will need a good way to
avoid false positives), we use this:
# Blacklisted ip in X-Originating-IP:
warn set acl_m2 =
warn condition = ${if def:h_x-originating-ip:}
set acl_m2 = ${sg {$h_x-originating-ip:}{(\\[|\\])}{}}
warn condition = ${if eq {$acl_m2}{}}
condition = ${if def:h_x-mdremoteip:}
set acl_m2 = ${sg {$h_x-mdremoteip:}{(\\[|\\])}{}}
deny condition = ${if isip{$acl_m2}}
dnslists = bl.spamcop.net/$acl_m2 : \
sbl-xbl.spamhaus.org/$acl_m2 : \
virbl.dnsbl.bit.nl/$acl_m2 : \
list.dsbl.org/$acl_m2
message = Originating IP listed at $dnslist_domain
log_message = Blacklisted originating IP \
($acl_m2 listed at $dnslist_domain)
--
Salu-2 y hasta pronto ...
I am Homer of Borg. Prepare to be assim... mmmm, donuts.
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david@???
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
