Re: [exim] Data ACL - Received: from header

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Mike Cardwell
Date:  
À: exim-users
Sujet: Re: [exim] Data ACL - Received: from header
Mark Little wrote:

> I was playing around with it and have found so far only two cases (out of
> 200+ caught) that were legitimate emails, so I believe I am on to something
> but I believe you are right and I want to get this down further.
>
> I am now playing with detecting Received: from [<sender IP>] but excluding
> if [<sender IP>].+[<sender IP>] or [<sender IP>].+[127.0.0.1] are present.
> All the spammer examples I have seen only include the one IP, so I may
> reduce this to just excluding if there is a second [<ip.address>] on the
> line.
>
> Thoughts?


I think, the main problem is that there are legitimate reasons why a
server might connect back to it's own IP. There might be value in using
this particular metric in a spam scoring system though. Let us know how
it works for you.

--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)