Re: [exim] anti-spam... what's next?

Author: Exim Mailing List
Date:  
To: exim users
Subject: Re: [exim] anti-spam... what's next?
On Tue, Nov 11, 2008 at 12:08:24AM +0100, Kjetil Torgrim Homme wrote:
> On Mon, 2008-11-10 at 17:52 +0000, Adam Stephens wrote:
> > I certainly wouldn't block on it outright like this. We see forwarded
> > mail with hotmail senders, and mailing list mail, and mail from ebay's
> > mail servers, and apparently legitimate mail sent via other ISPs, all of
> > which would be rejected by this rule.
>
>   deny message = Faked hotmail, so you must be spam.
>        log_message = Fake hotmail
>        senders = *@hotmail.com
>        condition = ${if match {$sender_host_name} \
>                  {\Nhotmail.com$\N}{no}{yes}}
>
> the test checks the envelope sender, not the headers of the e-mail. you
> won't get false positives from mailing lists, forwarded e-mail or eBay
> with that rule.


That rule will absolutely break forwarded email from hotmail users
unless you take measures in earlier ACLs to skip the check.

Checking the envelope sender doesn't make this rule any more
resilient. Email that is bounced or relayed forward to a new
recipient will still have an envelope sender from hotmail.com.

Now, the above check is common when checking HELO hostnames. It is
logically valid to ensure that a remote server advertising itself as
hotmail.com should have reverse DNS within hotmail.com's domain. But
that is not what the above rule does.

--
Dean Brooks
dean@???
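
The HELO check described in the last paragraph of the message above, sketched as an Exim ACL (an added example, not part of the original message; the ACL name `acl_check_helo` is an assumption). It keys on what the connecting server says about itself rather than on the envelope sender, so forwarded mail from hotmail.com addresses is not affected.

```exim
# Added example, not from the thread. The ACL name acl_check_helo is an
# assumption; use whatever name fits the local configuration.

# Main configuration section: run an ACL when HELO/EHLO is received.
acl_smtp_helo = acl_check_helo

# ACL section (after "begin acl"):
acl_check_helo:

  # The client names itself as hotmail.com (or a subdomain) in HELO/EHLO,
  # but its verified reverse DNS name is not under hotmail.com.
  # Expanding $sender_host_name triggers the reverse lookup; the variable
  # is empty when the lookup fails, so such hosts are denied as well.
  deny message     = HELO name claims hotmail.com but reverse DNS does not match
       log_message = Fake hotmail HELO
       condition   = ${if match{$sender_helo_name}{\N(?i)(^|\.)hotmail\.com$\N}}
       !condition  = ${if match{$sender_host_name}{\N(?i)(^|\.)hotmail\.com$\N}}

  accept
```

Unlike the quoted rule, the pattern escapes the dots and anchors on a label boundary, so a name such as `nothotmail.com` does not satisfy it.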