Re: [exim] Data ACL - Received: from header

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Data ACL - Received: from header
Lena@??? wrote:
> P.S. I wrote:
>
>> For a couple months some spam
>
> with fake Received
>
>> penetrated greylisting (I think that only one
>> Russian botnet uses the same $sender_address in all instances of the same spam,
>> necessary for penetrating greylisting), but if I'm not mistaken,
>> for the last couple weeks that botnet switched to no fake Received line at all.
>
> but with other recognizable signs in the header. I'm testing
> a new complex set of conditions.
>


But if it is a botnet, would it not fail:

- forward/reverse lookup test?

- AND the HELO <=> FQDN match test?

??

If you don't mind passing on a few samples, I'll be happy to see if they've been
'seen' here, and if so, which of our rules they escaped... or were caught with.

Best,

Bill