procmail
[Top] [All Lists]

Re: How would you block a non static IP?

2002-12-05 20:21:45
At 21:00 2002-12-05 -0500, Jefferis Peterson wrote:
How would you block this guy who has a non static ip within a certain range?

Methinks you wouldn't simply block messages from the IP range, because that would thrash potential legitimate messages.

> Received: from sl1 (192.168.1.101) by
> lsanca1-ar16-4-46-030-203.lsanca1.dsl-verizon.net (LSMTP for Windows NT v1.1b) > with SMTP id <0(_dot_)000091F6(_at_)lsanca1-ar16-4-46-030-203(_dot_)lsanca1(_dot_)dsl-verizon(_dot_)net>;

192.168.x.x is a non-routed IP address. That is dramatically different than simply being non-static. If all the messages comain this "sl1" machine name, I'd consider doing something like:

:0:
* ^Received:[   ]*from sl1\>.*lsanca1.dsl-verizon.net
twit.mbx


> X-Mailer: SMTPit - FileMaker Pro Email Plugin (win ver. 3.0.7)

You might add this to the conditions if it appears in each of the messages.

> From: Chemical and Radiation Detection
> 
<support(_at_)lsanca1-ar16-4-46-030-203(_dot_)lsanca1(_dot_)dsl-verizon(_dot_)net>

ANYONE emailing *FROM* a domain like that is asking for trouble. If the messages contain that format of identifier, I'd toss 'em -- that simply isn't the type of domain someone is going to use for legitimate email:

:0:
* ^From:.*lsanca1.dsl-verizon.net
twit.mbx


[snip]

OTOH, perhaps we can just trash messages with 10+ line signatures...

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>