At 12:10 2003-01-19 -0800, Bart Schaefer did say:
On Sun, 19 Jan 2003 fleet(_at_)teachout(_dot_)org wrote:
> And, fwiw, I am trying to determine if the domain used in the ^From:
> line and in the ^Message-Ed: line are different. (And if they're
> different, the message goes to the spam box.)
That's not necessarily a good test. Lots of home and small business users
(dialup or DSL) will have a From: address that points to their private
domain, but a Message-ID: that has their ISP's SMTP gateway domain (or no
domain at all, if they're using a sufficiently broken MUA that tries to
generate its own message-id). People using web mailer interfaces, too.
Additionally, there are hostname issues - a From: domain may be
"@fubar.org", and the messageid may end with "@mail.fubar.org". But, the
simple fact that most hosted domains are going to have the ISP's mailserver
in the messageid should be ample reason.
FTR, I do a _similar_ test, but it is limited to a handful of freemail-type
services:
:0
* ^From:.*@(.*\.|)\/(juno\.com|hotmail\.com|yahoo\.co\.jp|lycosemail\.com|\
mailcity\.com|altavista\.com|webmail\.com|email\.com|myrealbox\.com)
* $ ! ^Message-Id:.*@(.*\.|)$MATCH
{
LOG="SPAM: forged $MATCH$SPAMVER"
:0:
|gzip -9fc >> spam.gz
}
An important distinction here is that I don't look for the _whole_ host
portion of the messageid to match the domain in the From - I check for it
appearing within the MessageID.
This does flag messages which people send from their own SMTP but using
their freemail service address, but I have spam exclusion rules for clean
mailing lists (those requiring a reasonable confirmation before subscription).
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail