procmail

Re: Recipe help - forged spam issue

1998-12-10 02:16:50
|Mon 1998-12-07 Sotero Carlos-O10006 <Carlos(_dot_)Sotero(_at_)motorola(_dot_)com> list.procmail
| 
| Some bonehead/spammer is forging our domain.  
| ...many complaints from users who don't know to read the
| actual headers to determine that the mail did not originate
| from our site. 

It's not that simple to see, because Received Headers can be 
forged and the only way to really see from where the UBE originated is to
decipher and compare time fields (for wrong timezones) to estimate
the point of injection.

It needs a lot of expertise.

I don't know a tool that would do real Received header checking automatically
(for tens of UBE messages).

That's why I fall into complaining to all postmasters along the Received
chain too. Hopefully the postmasters move to newer sendmail which can block
domains efficiently.

| Can anyone help me with a recipe that would allow me to
| auto reply with some reliability to forged spam complaints
| such as the two listed below?  

IMO, Procmail is not the tool for this kind of thing.

Drop the messages to a separate folder and use some Perl or Emacs tool to
parse, investigate the messages and send the appropriate complaints.
Do reverse nslookup verifications and possibly attach traceroute or dig
results.

Best is if the program connected to InterNIC and derived the upstream
provider info where you would complain.

At least selecting the right messages is always some handwork, IMO.

| Also what can you do to prevent
| looping conditions when implementing auto-replies?

You use the X-Loop header. See from pm-tips (X-info header)

    1.7 Variables used in recipes

        _MY_XLOOP_ = Used to prevent resending messages that have already
        been handled. Typically `$LOGNAME@$HOST', but this can be any user
        chosen string. Make it unique to your address. In this document
        the definition is:

            MY_XLOOP = "X-Loop: $LOGNAME@$HOST"

    6.14 Sending automatic reply, use X-loop header

        ...

jari
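
The timestamp comparison described in the reply above, as an added Python example that is not part of the original post or of pm-tips. The function names, the five-minute clock-skew tolerance and the sample message are assumptions made for illustration; the headers are constructed and use reserved example domains and addresses.

```python
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not from the thread): newest hop first, as in real mail.
SAMPLE = """\
Received: from relay.example.net ([192.0.2.10])
\tby mx.example.org with ESMTP id AAA111; Mon, 7 Dec 1998 10:15:02 -0600
Received: from unknown ([192.0.2.77])
\tby relay.example.net with SMTP id BBB222; Mon, 7 Dec 1998 11:14:40 -0500
Received: from mail.example.com
\tby gateway.example.com with SMTP id CCC333; Mon, 7 Dec 1998 19:02:11 +0100
From: someone@example.com
Subject: constructed test message

body
"""

SKEW = timedelta(minutes=5)  # assumed tolerance for honest clock drift


def hop_times(raw):
    """Return [(received_text, utc_datetime_or_None)], oldest hop first."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())           # undo header folding
        _, sep, stamp = flat.rpartition(";")     # date follows the last ';'
        when = None
        if sep:
            try:
                when = parsedate_to_datetime(stamp.strip())
                if when.tzinfo is None:          # "-0000" parses as naive
                    when = when.replace(tzinfo=timezone.utc)
                when = when.astimezone(timezone.utc)  # normalise timezones
            except (TypeError, ValueError):
                when = None
        hops.append((flat, when))
    return hops


def suspicious_hops(raw, skew=SKEW):
    """Flag hops (0 = oldest) with no timestamp or stamped before the hop below."""
    flagged, previous = [], None
    for i, (_, when) in enumerate(hop_times(raw)):
        if when is None:
            flagged.append((i, "no parsable timestamp"))
            continue
        if previous is not None and when + skew < previous:
            flagged.append((i, "earlier than previous hop"))
        previous = when
    return flagged
```

A flagged hop marks the boundary where the headers below it stop agreeing with the relay that stamped it, which is where to start the manual check. Timestamps in headers added before the first relay you trust can be forged to look consistent, so an empty result does not clear a message.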
