At 21:34 -0700 24 Apr 1998, "Felix Tilley" <ftilley(_at_)goodnet(_dot_)com>
wrote:
> I am hoping this will work. At work, I get lots of spam with Message-id
> headers assigned by the local incoming mailer machine. Some spammers don't
> create Message-id's. Maybe they are stupid. I do not know.
>
> So if my domain contains xyz.com,
> and an incoming message has a
> Message-id: of xyz.com
> it should also have a
> From: with xyz.com.
>
> So should the recipe below handle this stuff?
>
> # if the message id was assigned by the XYZ.COM mailer machine,
> # it better be from someone in the xyz.com domains.
> # If not trash it. I sure hope this works.
> :0
> * ^Message-Id:.*xyz\.com
> * !^From:.*xyz\.com
> /dev/null

Although the recipe looks fine, there are a few problems with this.

First, a lot of spammers will also send messages with unqualified (no
domain) addresses. The local MTA will then add the local domain, so
they'd evade detection.

Second, lots of mail clients don't add their own message id, and if your
people use your ISP, but a different domain, their messages will be
caught by this.

Third, even some mail servers don't add message ids (although any mail
server which doesn't should be shredded to little pieces). So non-spam
from other ISPs can also be caught.

So, in summary, it can be a good indicator that a message is spam, but
it shouldn't be used by itself to trash messages.

--
Aaron Schrab aaron(_at_)schrab(_dot_)com http://www.execpc.com/~aarons/
To err is human -- to blame it on a computer is even more so.
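
The three cases from the reply above, worked through as an added example (not part of the original thread and not anyone's production filter). It assumes a simplified local MTA that adds a missing Message-Id and qualifies a domain-less From with the local domain, as the reply describes; the sample messages, the *.example domains and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL = "xyz.com"  # placeholder domain used in the post

def local_mta_fixup(raw, seq):
    """Assumed, simplified model of the local MTA described in the reply."""
    msg = message_from_string(raw)
    if msg["Message-Id"] is None:                 # sender supplied no id
        msg["Message-Id"] = f"<{seq}@mail.{LOCAL}>"
    addr = parseaddr(msg["From"] or "")[1]
    if addr and "@" not in addr:                  # unqualified address
        del msg["From"]
        msg["From"] = f"{addr}@{LOCAL}"
    return msg

def domain_of(value):
    """Domain part of an address or message id, lower-cased ('' if none)."""
    return parseaddr(value or "")[1].partition("@")[2].lower()

def is_local(domain):
    return domain == LOCAL or domain.endswith("." + LOCAL)

def recipe_matches(msg):
    """Same condition as the recipe (local Message-Id, non-local From),
    compared on parsed domains instead of a regex over the header line."""
    return (is_local(domain_of(msg["Message-Id"]))
            and not is_local(domain_of(msg["From"])))

# Constructed sample messages, one per case in the reply plus two baselines.
SAMPLES = {
    "spam, foreign From, no Message-Id":
        "From: deals@bulk.example\nSubject: hi\n\nbody\n",
    "spam, unqualified From, no Message-Id":
        "From: friend\nSubject: hi\n\nbody\n",
    "local user, other domain, client adds no Message-Id":
        "From: pat@home.example\nSubject: notes\n\nbody\n",
    "remote server that adds no Message-Id":
        "From: ann@other-isp.example\nSubject: re\n\nbody\n",
    "ordinary remote mail with its own Message-Id":
        "From: bob@corp.example\nMessage-Id: <7@corp.example>\nSubject: ok\n\nbody\n",
}

def evaluate():
    """Map each sample label to True if the recipe would have trashed it."""
    return {label: recipe_matches(local_mta_fixup(raw, i))
            for i, (label, raw) in enumerate(SAMPLES.items())}

if __name__ == "__main__":
    for label, hit in evaluate().items():
        print(f"{'MATCH' if hit else 'pass':5}  {label}")
```

The second sample passes untouched and the third and fourth are legitimate mail that matches, which is why the condition works better as one signal among several than as a delete rule.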