Re: [exim] Data ACL - Received: from header

Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] Data ACL - Received: from header
Mark Little wrote:

> I was playing around with it and have found so far only two cases (out of
> 200+ caught) that were legitimate emails, so I believe I am on to something
> but I believe you are right and I want to get this down further.
>
> I am now playing with detecting Received: from [<sender IP>] but excluding
> if [<sender IP>].+[<sender IP>] or [<sender IP>].+[127.0.0.1] are present.
> All the spammer examples I have seen only include the one IP, so I may
> reduce this to just excluding if there is a second [<ip.address>] on the
> line.
>
> Thoughts?


I think the main problem is that there are legitimate reasons why a
server might connect back to its own IP. There might be value in using
this particular metric in a spam scoring system though. Let us know how
it works for you.

--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
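
The check discussed in this thread, written as a scoring contribution rather than a hard reject. This is an added example, not code from either poster or from Exim. The function name, the point value, the IPv4-only pattern and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: IPv4 literals only, written in square brackets as in the thread.
BRACKETED_IP = re.compile(r"\[((?:\d{1,3}\.){3}\d{1,3})\]")

def self_received_score(raw_message, sender_ip, points=2.0):
    """Score a message on the 'Received: from [<sender IP>]' heuristic.

    Returns `points` when some Received: header begins with
    'from [<sender_ip>]' and contains no second bracketed IP on the line
    (the exclusion proposed in the thread), otherwise 0.0.
    """
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        if not line.startswith("from [%s]" % sender_ip):
            continue
        # A second [ip] (the same address again, or 127.0.0.1) is treated
        # as a sign of a legitimate connect-back, so it adds no score.
        if len(BRACKETED_IP.findall(line)) == 1:
            return points
    return 0.0

# Constructed sample messages (documentation address ranges).
SUSPECT = (
    "Received: from [192.0.2.10] by mail.example.net with SMTP;\r\n"
    "\tMon, 1 Jan 2024 00:00:00 +0000\r\n"
    "Subject: constructed sample\r\n\r\nbody\r\n"
)
LOOPBACK = (
    "Received: from [192.0.2.10] (localhost [127.0.0.1])\r\n"
    "\tby mail.example.net with ESMTP; Mon, 1 Jan 2024 00:00:00 +0000\r\n"
    "Subject: constructed sample\r\n\r\nbody\r\n"
)
REPEATED = (
    "Received: from [192.0.2.10] (helo=[192.0.2.10])\r\n"
    "\tby mail.example.net with ESMTP; Mon, 1 Jan 2024 00:00:00 +0000\r\n"
    "Subject: constructed sample\r\n\r\nbody\r\n"
)
OTHER_HOP = (
    "Received: from mx.example.org ([198.51.100.7])\r\n"
    "\tby mail.example.net with ESMTP; Mon, 1 Jan 2024 00:00:00 +0000\r\n"
    "Subject: constructed sample\r\n\r\nbody\r\n"
)
```

Adding the result to an overall score instead of rejecting outright leaves room for the legitimate connect-back cases mentioned in the reply.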