Re: [exim] bank spam

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Dave Evans
Datum:  
To: exim-users
Betreff: Re: [exim] bank spam
On Sat, Feb 23, 2008 at 10:49:08AM +0000, W B Hacker wrote:
> Russell King wrote:
> > Has anyone generated a regexp to detect this bank-based stuff, such as:
> >
> > c_support.id2213153140119NOF@???
> > mailing.id09177-3682385694NOF@???
> > onlinesecurity@???
> > generatednotify.id6846-7793428NOF@???
> > generator.id3785384784762NOF@???
> > clientcareservice.id6468433113BIB@???
>
> Are you checking for valid rDNS, PTR RR, proper FQDN in HELO, not in
> dynamic-IP RBL's, not trying to pipeline when it should not, valid
> addressee on your server, not forged, proper format, encoding, mime
> usage ... and so on....?


Here, most of that junk used to get rejected for exactly those sorts of
reasons. If you don't already implement PTR checking etc. because you're
afraid of false positives, you could always choose to only apply those sorts
of checks for senders in banking domains.

These days I just reject at RCPT time for all senders which seem to be
banking-related (i.e. manually maintained list of banking domains), except
for specific recipients which have an "allow banking senders" flag set.
But of course depending on your circumstances, that option may not be open to
you.

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey