Does anyone have a procmail recipe for catching spams by checking for
lines like:

    Received: from spoofed.site (real.site.here [real.ip]) by mail.host.com

I'd like to be able to check if the 2nd level domain of what is claimed in
the HELO and that of what the relay actually reports as the hostname for
the sending host differ. 99% of spams I see have this characteristic. I
can't figure out how to form a regexp to check for this, though. Also,
does anyone know if it's possible to have procmail check to see if any
Received: lines appear after headers such as From, Message-Id, To, etc.?
Many spammers also make this mistake.
-------------------------------------------------------------------------------
Brian Buchanan
brian(_at_)wasteland(_dot_)calbbs(_dot_)com
Fight SPAM! Join CAUCE at http://www.cauce.org
"Using Windows NT for a server because it's easy to use is like hiring
Miss America as your accountant because she's cute."
4.4BSD UNIX for the masses; just say NO to Microsoft! http://www.freebsd.org
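
Both checks asked about above need a comparison between two captured hostnames and knowledge of header order, so this added example (not part of the original post) does them in a small Python filter that procmail can call. The function names, the sample message and the naive "last two labels" rule for the second-level domain are assumptions made for illustration.

```python
import re
import sys
from email import message_from_string

# "from HELO (rdns [ip])", the layout of the Received: line quoted in the post.
RECEIVED_RE = re.compile(r"^from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)", re.I)
# Headers that a relay's Received: line should never appear below.
ORIGINATOR = {"from", "to", "message-id"}

# Constructed sample message (documentation-range names and addresses).
SAMPLE = (
    "Received: from spoofed.example (mail.real.example.net [192.0.2.10])\n"
    "\tby mail.host.example; Mon, 1 Jan 2001 00:00:00 +0000\n"
    "From: sender@spoofed.example\n"
    "To: user@host.example\n"
    "Message-Id: <constructed@spoofed.example>\n"
    "Received: from forged.example (forged.example [198.51.100.7]) by relay.example\n"
    "\n"
)

def second_level(host):
    """Last two labels only (assumption: no public-suffix list, so co.uk is coarse)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def helo_mismatches(msg):
    """Return (helo, rdns, ip) for each hop whose HELO and rDNS domains differ."""
    hits = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.match(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        helo, rdns, ip = m.group(1), m.group(2).split("@")[-1], m.group(3)
        if helo.startswith("[") or rdns.lower() == "unknown":
            continue  # address-literal HELO or no reverse DNS: nothing to compare
        if second_level(helo) != second_level(rdns):
            hits.append((helo, rdns, ip))
    return hits

def late_received(msg):
    """Count Received: headers that appear below From, To or Message-Id."""
    seen, count = False, 0
    for name in msg.keys():
        if name.lower() in ORIGINATOR:
            seen = True
        elif seen and name.lower() == "received":
            count += 1
    return count

if __name__ == "__main__":
    msg = message_from_string(sys.stdin.read())
    sys.exit(0 if helo_mismatches(msg) or late_received(msg) else 1)
```

Saved as a script (path hypothetical), it can be called from a procmail condition of the form `* ? /path/to/check_received.py`, which matches when the program exits 0. Legitimate hosts can also HELO under a different domain than their reverse DNS, so a hit works better as one signal to weigh than as the sole reason to discard mail.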