Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] Data ACL - Received: from header

Lena@??? wrote:
> P.S. I wrote:
>
>> For a couple months some spam
>
> with fake Received
>
>> penetrated greylisting (I think that only one
>> Russian botnet uses the same $sender_address in all instances of the same spam
>> necessary for penetrating greylisting), but if I'm not mistaken,
>> for the last couple of weeks that botnet switched to no fake Received line at all.
>
> but with other recognizable signs in the header. I'm testing
> a new complex set of conditions.
>
But if it is a botnet, would it not fail:
- forward/reverse lookup test?
- AND the HELO <=> FQDN match test?
??
If you don't mind onpassing a few samples, I'll be happy to see if they've been
'seen' here, and if so, which of our rules they escaped... or were caught with.
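
The two tests named in the reply above (forward/reverse lookup and HELO against the host's name), sketched as an added example that is not part of the original message and is not Exim's own code. The DNS tables, host names and addresses are constructed sample data standing in for a resolver, and the function names are hypothetical.

```python
import ipaddress

# Constructed DNS data (documentation address ranges), standing in for a resolver.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "198.51.100.7": ["host7.dyn.example.net."],  # PTR exists, forward record disagrees
}
ADDR = {
    "mail.example.org": ["192.0.2.10"],
    "host7.dyn.example.net": ["198.51.100.99"],
    "mx.example.com": ["203.0.113.5"],            # forward record only, no PTR
}

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def fcrdns_names(ip, ptr=PTR, addr=ADDR):
    """Names from the reverse lookup of ip whose forward lookup returns ip again."""
    return [norm(n) for n in ptr.get(ip, []) if ip in addr.get(norm(n), [])]

def helo_matches(helo, ip, ptr=PTR, addr=ADDR):
    """True if HELO is the client's own address literal, one of its confirmed
    reverse names, or a name that resolves forward to the client's address."""
    if helo.startswith("[") and helo.endswith("]"):
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            return ipaddress.ip_address(literal) == ipaddress.ip_address(ip)
        except ValueError:
            return False  # malformed literal never matches
    name = norm(helo)
    return name in fcrdns_names(ip, ptr, addr) or ip in addr.get(name, [])

def classify(ip, helo):
    """Result of both tests for one connection."""
    return {"fcrdns": bool(fcrdns_names(ip)), "helo": helo_matches(helo, ip)}

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("198.51.100.7", "mx.example.com"),
                     ("203.0.113.5", "mx.example.com")]:
        print(ip, helo, classify(ip, helo))
```

The third sample shows why the two tests are listed separately: a host can present a HELO name that resolves to its address while having no reverse record at all.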