procmail

Re: Using EXITCODE= to reject SPAM

1998-02-07 14:57:24
Clint Olsen wrote:

> I'm trying to use EXITCODE=67 to reject SPAM based on certain
> criteria.  Unfortunately, it doesn't always work as expected,
> and I'm surprised it fails.  The most obvious case is where
> the Received: bears no resemblance to the From: header:
>
> From 64687116(_at_)ix(_dot_)netcom(_dot_)com  Tue Feb  3 23:36:11 1998
> Received: from ws1.TorahLink.com ([206.216.210.100])
>
> I thought that by using the EXITCODE, I would be assured that
> the email would be *rejected* from ws1.TorahLink.com, but in
> fact Sendmail 8.8.7 attempts to deliver the "user unknown" to
> netcom.com, which is obviously wrong.

  Here's a totally off-the-wall idea, but it's so crazy it just
might work.  Is there a way to match the IP address, i.e. the
part between "!Received:.from.*.\(\[" on the left and "\]\)" on
the right??  Then bounce to "postmaster(_at_)$MATCH"

 Better yet, is there some sort of check to make sure that
the Received domain reasonably matches the From: domain?
  But what happens with email sent from virtual domains??

  My own filter would reject the above message based on the
fact that there is no machine name between the "(" and the "[".
Spammers like to hide their identities.  My match string is...

^Received:.from.*.\(\[.*.by.*.interlog\.

My ISP, Interlog, owns both "interlog.com" and "interlog.net"
domains, so I've cut back to the "common denominator" string.

-- 
Walter Dnes (Toronto)
<waltdnes(_at_)interlog(_dot_)com>
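
Added example, not part of the original post or of procmail: the "no machine name between ( and [" check from the reply, written in Python so it can be run against sample headers. It counts only Received lines stamped by a relay you operate, which is the job `by.*.interlog\.` does in the pattern above; the `.isp.example` suffix, host names and addresses are constructed assumptions.

```python
import re
from email import message_from_string

# Sendmail writes "from HELO (rdns-name [ip])"; with no reverse DNS the
# parenthesis holds only "[ip]", the case the post's pattern keys on.
NO_RDNS = re.compile(r"^from\s+\S+\s+\(\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

def unresolved_relays(raw_message, trusted_suffixes):
    """Return (ip, stamping_host) for each Received header that was added by
    a trusted relay and records a client with no reverse-DNS name."""
    hits = []
    for value in message_from_string(raw_message).get_all("Received", []):
        unfolded = " ".join(value.split())  # undo header folding
        m = NO_RDNS.match(unfolded)
        # Lines below our own relay are sender-supplied, so only count
        # headers whose "by" host is one we operate.
        if m and m.group("by").lower().endswith(tuple(trusted_suffixes)):
            hits.append((m.group("ip"), m.group("by")))
    return hits

TRUSTED = (".isp.example",)  # assumption: suffix of your own mail relays

# Constructed samples (documentation addresses, not real traffic).
SAMPLE_SPAM = (
    "Received: from bulk.example.org ([203.0.113.25])\n"
    "\tby mx.isp.example (8.8.7/8.8.7) with SMTP id XAA00001;\n"
    "\tTue, 3 Feb 1998 23:36:11 -0500\n"
    "Received: from nowhere ([192.0.2.9])\n"
    "\tby relay.forged.example with SMTP; Tue, 3 Feb 1998 23:30:00 -0500\n"
    "From: sender@example.com\n"
    "Subject: constructed sample\n\nbody\n"
)
SAMPLE_OK = (
    "Received: from mail.example.org (mail.example.org [198.51.100.7])\n"
    "\tby mx.isp.example (8.8.7/8.8.7) with SMTP id XAA00002;\n"
    "\tTue, 3 Feb 1998 23:40:00 -0500\n"
    "From: friend@example.org\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    print(unresolved_relays(SAMPLE_SPAM, TRUSTED))
    print(unresolved_relays(SAMPLE_OK, TRUSTED))
```

The second Received line in the first sample has the same `([ip])` shape but is ignored because its "by" host is not a trusted relay.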

