procmail

Filtering bogus Received lines

1997-09-15 14:07:41
Does anyone have a procmail recipe for catching spams by checking for
lines like:

Received: from spoofed.site (real.site.here [real.ip]) by mail.host.com

I'd like to be able to check if the 2nd level domain of what is claimed in
the HELO and that of what the relay actually reports as the hostname for
the sending host differ.  99% of spams I see have this characteristic.  I
can't figure out how to form a regexp to check for this, though.  Also,
does anyone know if it's possible to have procmail check to see if any
Received: lines appear after headers such as From, Message-Id, To, etc.?
Many spammers also make this mistake.

-------------------------------------------------------------------------------
Brian Buchanan          brian(_at_)wasteland(_dot_)calbbs(_dot_)com
Fight SPAM!  Join CAUCE at http://www.cauce.org

"Using Windows NT for a server because it's easy to use is like hiring
 Miss America as your accountant because she's cute."

4.4BSD UNIX for the masses; just say NO to Microsoft!  http://www.freebsd.org
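
Added example, not part of the original post: procmail regexps have no backreferences, so the two checks asked about above (HELO name vs. relay-reported hostname, and Received: lines appearing after From/Message-Id/To) are sketched here as a small Python header check. The function names, the sample messages and the "last two labels" rule for the 2nd-level domain are assumptions made for this illustration.

```python
import re
from email.parser import HeaderParser

# Matches "from HELO (rdns-name [ip])", the shape of the Received line quoted in the post.
# Lines without a reverse-DNS name, e.g. "from x ([ip])", do not match and are not flagged.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)", re.I)
ORIGIN_HEADERS = {"from", "message-id", "to"}   # the headers named in the post

def second_level(host):
    """Last two labels of a hostname (assumption: no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def helo_mismatches(raw):
    """Return (helo, rdns, ip) for each Received line whose 2nd-level domains differ."""
    found = []
    for value in HeaderParser().parsestr(raw).get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))   # unfold continuation lines
        if m and second_level(m.group(1)) != second_level(m.group(2)):
            found.append(m.groups())
    return found

def received_after_origin_headers(raw):
    """True if a Received: header appears below From, Message-Id or To."""
    seen_origin = False
    for name, _ in HeaderParser().parsestr(raw).items():   # items() keeps header order
        if name.lower() in ORIGIN_HEADERS:
            seen_origin = True
        elif name.lower() == "received" and seen_origin:
            return True
    return False

# Constructed sample messages (documentation domains and addresses only).
SPAM = (
    "Received: from spoofed.example (real.example.net [192.0.2.10])\n"
    "\tby mail.host.example; Mon, 15 Sep 1997 14:00:00 -0700\n"
    "From: someone@spoofed.example\n"
    "Message-Id: <1@spoofed.example>\n"
    "Received: from forged.example (forged.example [192.0.2.99]) by relay.example\n"
    "To: user@host.example\n\nbody\n"
)
HAM = (
    "Received: from out.example.org (mx1.example.org [198.51.100.5])\n"
    "\tby mail.host.example\n"
    "From: list@example.org\n"
    "To: user@host.example\n\nbody\n"
)

if __name__ == "__main__":
    for label, msg in (("SPAM", SPAM), ("HAM", HAM)):
        print(label, helo_mismatches(msg), received_after_origin_headers(msg))
```

Legitimate mail can also trip the first check, since many hosts announce a HELO name unrelated to their reverse DNS, so the result is better treated as one scoring signal than as a verdict.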
