procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: whitelists based on domain only

2003-11-20 05:17:58
from [Ruud H.G. van Tol] [Permanent Link] 
Toen ik Peter Rosa kietelde, kwam er dit uit:


But what about testing some other header, e.g. Received-from:
instead of From:
There was the recomendation for me to look in it, as the
From: header might be not real sender's address.
How could look the condition line (now it is * ^From [^(_at_)]@\/[^ ]+ ) ?


Look closer, it is not using the From: header but the From_ header.
But even that header does not always have the real address.

I don't know a Received-from: header, I think you mean the 'chain' of
Received: headers. The oldest Received: header in your message is

  Received: from peter (Peter [192.168.1.53]) by ns.pro.sk (8.12.9/8.12.9)
   with SMTP id hAK5Oms1056625 for <procmail(AT)lists.RWTH-Aachen.DE>;
Thu,
   20 Nov 2003 06:24:48 +0100 (CET envelope-from prosa(AT)pro.sk)

These can also be easily faked. Normally, headers like Date:, From:,
Subject:, To:, Message-id:, Organization: are older than (so come after)
the last Received: header.

The more interesting Received: header in your message is the one just
before the oldest, where your message crosses over to Aachen:

  Received: from ns.pro.sk (proxy.pro.sk [212.55.244.46])
   by relay2.rwth-aachen.de (8.12.10/8.12.7/1) with ESMTP id
hAK5P5GK017873
   (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT)
   for <procmail(AT)lists.RWTH-Aachen.DE>; Thu, 20 Nov 2003 06:25:06 +0100
(MET)

If you take the IP-nr from that (see my XIP.rc for a way to do that)
and check that with a couple of DNSBL lists (including whether it is
coming
from Asia, Brazil, etc.), then you can adjust the over-all spam-weight by
the origins of the message.

XIP, DNSBL, etc:
http://www.xs4all.nl/~rvtol/procmailrc.txt

Checking hosts (he even does it from URLs):
http://www.xs4all.nl/~monitor/rblhost.rc.txt
http://www.xs4all.nl/~monitor/rblqp.rc.txt
with results on
http://cgi.monitor.nl/rblhosts.html
http://cgi.monitor.nl/popstats.html

-- 
Affijn, Ruud


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: whitelists based on domain only, Peter Rosa
Next by Date:  multiple tests, Dave Stern - Former Rocket Scientist
Previous by Thread:  Re: whitelists based on domain only, Peter Rosa
Next by Thread:  multiple tests, Dave Stern - Former Rocket Scientist
Indexes:  [Date] [Thread] [Top] [All Lists]