Checking for no Message-Id at all is futile if your site uses
Sendmail, because (stock) Sendmail will always add a Message-Id if one
is missing. Other MTA:s (among them Qmail, I hear) act more sensibly,
and leave the headers alone on incoming mail.

I suppose one could check and see if the Message-Id was created at
the local site, then compare the From_ address with a set of known
domains. This could stand some cleaning up, but it's kind of
spontaneous:

    FROM=`formail -xFrom: | fgrep -i -f /etc/mail/FromOK`

    :0 c:
    * ^Message-Id:.*domain\.com>$
    * ^From [^@]+@[^ ]+
    * !FROM ?? .
    /scratch/spam

  - pull out From: header, check against file of ok domains
  - check if your domain name is in the Message-Id:
  - make sure the address has an @ (otherwise could be local)
  - did our earlier check against valid domains fail? If so,
    IT MIGHT BE SPAM.

Paparazzi of the Net: No matter what you do to protect your privacy,
they'll hunt you down and spam you. <http://www.iki.fi/~era/spam/>

Ain't that the truth. :(
Chris
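
The check described in the message above, as an added example that is not part of the original post: the recipe's three conditions in Python, run over constructed messages. FROM_OK is a constructed stand-in for /etc/mail/FromOK, domain.com is the recipe's placeholder, and domains are compared exactly (or as subdomains) instead of by fgrep substring match, which is an assumption of this example.

```python
import email
from email.utils import parseaddr

LOCAL_DOMAIN = "domain.com"               # placeholder domain, as in the recipe
FROM_OK = {"domain.com", "example.org"}   # constructed stand-in for /etc/mail/FromOK

def domain_of(addr):
    """Lower-cased domain part of an address or Message-Id, '' when there is no @."""
    _, at, dom = addr.strip().strip("<>").rpartition("@")
    return dom.lower() if at else ""

def in_domain(dom, parent):
    """True if dom is parent itself or a subdomain of it."""
    return dom == parent or dom.endswith("." + parent)

def might_be_spam(raw):
    msg = email.message_from_string(raw)
    # 1. Message-Id was created at the local site (e.g. added by the local MTA).
    if not in_domain(domain_of(msg.get("Message-Id", "")), LOCAL_DOMAIN):
        return False
    # 2. Envelope sender on the From_ line has an @ (otherwise it could be local).
    fields = (msg.get_unixfrom() or "").split()
    if len(fields) < 2 or "@" not in fields[1]:
        return False
    # 3. From: header domain is not in the list of known-good domains.
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    return not any(in_domain(from_dom, ok) for ok in FROM_OK)

def sample(env_from, hdr_from, msgid):
    """Build a constructed mbox-style message for the demonstration."""
    return (f"From {env_from} Mon Jan  5 10:00:00 1998\n"
            f"From: {hdr_from}\nMessage-Id: {msgid}\nSubject: test\n\nbody\n")

LOCAL_ID = "<199801051000.KAA01234@mail.domain.com>"   # constructed
SAMPLES = {
    "remote sender, local Message-Id": sample("x@bulk.example", "Offers <x@bulk.example>", LOCAL_ID),
    "known domain, local Message-Id": sample("alice@domain.com", "alice@domain.com", LOCAL_ID),
    "remote sender, own Message-Id": sample("x@bulk.example", "x@bulk.example", "<1@bulk.example>"),
    "local envelope sender without @": sample("root", "root", LOCAL_ID),
    "look-alike of a listed domain": sample("y@domain.com.bulk.example", "y@domain.com.bulk.example", LOCAL_ID),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {'MIGHT BE SPAM' if might_be_spam(raw) else 'ok'}")
```

The last sample shows why exact domain comparison matters: a substring match against the list would accept `domain.com.bulk.example` as a known domain.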