On Sat, 25 Apr 1998, Aaron Schrab wrote:
> At 21:34 -0700 24 Apr 1998, "Felix Tilley" <ftilley(_at_)goodnet(_dot_)com>
> wrote:
> > I am hoping this will work. At work, I get lots of spam with Message-id
> > headers assigned by the local incoming mailer machine. Some spammers don't
> > create Message-id's. Maybe they are stupid. I do not know.
>
> First, a lot of spammers will also send messages with unqualified (no
> domain) addresses. The local MTA will then add the local domain, so
> they'd evade detection.

A good way to avoid this problem is to check Received: headers.

> Second, lots of mail clients don't add their own message id, and if your
> people use your ISP, but a different domain their messages will be
> caught by this.

What legitimate mail clients don't add a Message-Id:? If they don't,
they're violating RFC 822.

> So, in summary, it can be a good indicator that a message is spam, but
> it shouldn't be used by itself to trash messages.

Not to /dev/null messages, but good enough to spam-folder them. Any
mail coming from a mailer that didn't add a Message-Id: is questionable
enough for me to filter it. Thus (from junkfilter):
# Message-ID added by an enroute or local mail machine
:0
* $ ^Message-Id:[ ]+<.*@([-_a-z0-9]+\.)*$JFMAILDOM>
* ^From:.*@
* $! ^From:.*@([-_a-z0-9]+\.)*$JFMAILDOM
* $ ^Received:.*from.*\(([-_a-z0-9]+\.)*\/[-_a-z0-9]+\.$JFTLD\>
{
  # MATCH holds the text matched after \/ : the source domain plus the
  # one character consumed by \>
  JFSRCDOM=$MATCH

  # Unset SHELLMETAS so procmail runs expr directly instead of via a shell
  TEMPSAVE=$SHELLMETAS
  SHELLMETAS
  # Strip the trailing character that \> matched
  JFSRCDOM=`expr "$JFSRCDOM" : '\(.*\).'`
  SHELLMETAS=$TEMPSAVE

  :0
  * $ ^Received:.*from.*$JFSRCDOM.*by ([-_a-z0-9]+\.)*$JFMAILDOM
  * $ JFSRCDOM ?? $JFMAILDOM
  { JFEXP="$JFSEC: Message-Id added by local mail host, not by source $JFSRCDOM" }
}

GReg
--
Gregory S. Sutter "How do I read this file?"
mailto:gsutter(_at_)pobox(_dot_)com "You uudecode it."
http://www.pobox.com/~gsutter/ "I I I decode it?"
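
The heuristic discussed in this thread (a Message-Id stamped by the receiving domain on mail whose From: and Received: source are foreign), restated in Python as an added example; it is not part of the original message or of junkfilter. `LOCAL_DOMAIN` stands in for `$JFMAILDOM`, the function names are hypothetical, and the sample messages are constructed.

```python
import re
from email import message_from_string

LOCAL_DOMAIN = "example.net"  # assumption: plays the role of $JFMAILDOM


def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def msgid_added_locally(raw, local=LOCAL_DOMAIN):
    """Return the foreign source host if the Message-Id looks locally
    assigned to mail that arrived from outside, else None."""
    msg = message_from_string(raw)
    mid = re.search(r"<[^<>@]*@([^<>\s]+)>", msg.get("Message-Id", ""))
    frm = re.search(r"@([-\w.]+)", msg.get("From", ""))
    if not mid or not in_domain(mid.group(1), local):
        return None  # no Message-Id, or one not stamped with our domain
    if not frm or in_domain(frm.group(1), local):
        return None  # unqualified or local sender: the check cannot apply
    for rcvd in msg.get_all("Received", []):
        # Use the parenthesised (resolved) name after "from", as the recipe does
        hop = re.search(r"from\s+\S+\s+\(([-\w.]+).*?\bby\s+([-\w.]+)",
                        rcvd, re.S | re.I)
        if (hop and in_domain(hop.group(2), local)
                and not in_domain(hop.group(1), local)):
            return hop.group(1).lower()
    return None


# Constructed sample: the sender omitted Message-Id, the local MTA added one
SUSPECT = (
    "Received: from mail.bulk.example.com (mail.bulk.example.com [192.0.2.10])\n"
    "\tby mx.example.net with SMTP id AA123; Sat, 25 Apr 1998 10:00:00 -0700\n"
    "Message-Id: <199804251700.AA123@mx.example.net>\n"
    "From: offers@bulk.example.com\n"
    "Subject: constructed sample\n\nbody\n"
)
# Constructed sample: the client supplied its own Message-Id
NORMAL = SUSPECT.replace("AA123@mx.example.net", "AA123@mail.bulk.example.com")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("normal", NORMAL)):
        print(name, "->", msgid_added_locally(raw))
```

As in the thread, a hit is a reason to route the message to a spam folder, not to discard it.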