procmail

Re: Forged headers detection

2003-01-08 12:04:25
On Wed, Jan 08, 2003 at 11:14:11AM -0500 or thereabouts, Jefferis Peterson wrote:
> I presume the following has a forged header, but I'm trying to determine the
> logic of it so that I can visually detect them.

For your info, every header can be forged except the last one sent to you.
Many headers, such as the one you emailed about, have forged addresses in
them.

In my opinion, and I do not know if you are running your own mail server,
and DNS server, but if so, you can be best served (in my opinion) by using
tried and true services offered by your DNS and/or SMTP programs.  For
example, I use RBLSMTPD and RBLDNS offered, and part of, qmail, where you
can effectively block IP ranges automatically, so they are blocked before
getting into your system, and not after. This is extremely effective, and
is *much* easier to employ. Just my 2c.  You can use your own handmade RBL
lists, and also have these call to standard ORBS / spamcop, etc. lists
from the web, RBL lists which will add their current IP blocks
automatically, thereby eliminating your need to look up every header for
IP addresses to add to procmail.  My point is: why re-invent the wheel?

Showing a repeat of the previous link in the chain?  Is it always so direct
and traceable by ip?
 

-- 
Gary

    sed '/^[when][coders]/!d
        /^...[discover].$/d
       /^..[real].[code]$/!d
    ' /usr/share/dict/words


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
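
Added example, not part of the original message or of any project named in it: a Python sketch of the two ideas in the reply above, trusting only the Received line stamped by your own server and turning the address it recorded into a DNSBL query name. The host name mx.example.net, the zone dnsbl.example and the sample message are constructed placeholders.

```python
import email
import ipaddress
import re

# Constructed sample. The top Received line is the one our own MTA
# (mx.example.net, hypothetical) added; the lines below it arrived as
# message data from the sender and can say anything.
SAMPLE = """\
Received: from mail.sender.example (unknown [192.0.2.45])
\tby mx.example.net with SMTP; Wed, 8 Jan 2003 11:14:11 -0500
Received: from trusted-bank.example ([10.1.2.3])
\tby mail.sender.example; Wed, 8 Jan 2003 11:14:02 -0500
From: someone@sender.example
Subject: constructed test message

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(raw_message, our_host):
    """Return the peer IPv4 address recorded by our own MTA, or None."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    top = " ".join(received[0].split())  # unfold the continuation lines
    # Use the header only if our own host stamped it.
    stamped = re.search(r"\bby\s+" + re.escape(our_host) + r"(?=[\s;]|$)", top)
    if not stamped:
        return None
    match = BRACKETED_IP.search(top[:stamped.start()])
    if not match:
        return None
    try:
        return str(ipaddress.IPv4Address(match.group(1)))
    except ValueError:  # e.g. an octet above 255
        return None


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL lookup resolves: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


if __name__ == "__main__":
    ip = connecting_ip(SAMPLE, "mx.example.net")
    print(ip, dnsbl_query_name(ip, "dnsbl.example"))
```

An A record returned for that name means the zone lists the address; the lookup itself is left out so the sketch runs offline.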
