On Feb 3, 2007, at 6:46 AM, nobody wrote:
On Sat, 03 Feb 2007 11:17:01 -0500 (EST), Ishwar Rattan wrote:
I am seeing too many e-mails of the header types:
...
Received from: nuisursystem.com (unknown [125.180.77.87])
You're using Postfix, yes?
Is there a way to filter on 'unknown' keyword using procmail?
Yes.
[ snicker... / ]
:0
* ^Received:.*\(unknown \[
Now, the bigger question: Are you sure this is a good idea?
The 'unknown' means that either:
1) the reverse DNS doesn't exist, as in this case:
$ host 125.180.77.87
Host 87.77.180.125.in-addr.arpa not found: 3(NXDOMAIN)
2) or, that the forward and reverse DNS don't agree.
If you block, or even filter, based on that, you're gonna see false
positives.
Granted, it's a pretty good indicator that someone's not paying
attention to their DNS config, but...
You're gonna see False Positives.
Be ready for it.
Aloha mai Nai`a!
--
"Please have your Internet License <http://kapu.net/~mjwise/>
and Usenet Registration handy..."
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
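
Added example, not part of the original post or of procmail: a Python sketch that pulls the "(unknown [ip])" hops out of a message's Received headers and reports which of the two cases listed above applies to each, so mail can be tagged for review rather than dropped. The function names, the example.* hosts and the stand-in DNS tables are assumptions made for illustration; only the nuisursystem.com header comes from the post.

```python
import re
import socket
# Received hop whose client hostname was logged as "unknown" (format shown in the post).
UNKNOWN_HOP = re.compile(r"^Received:\s+from\s+(\S+)\s+\(unknown \[([^\]]+)\]\)", re.I)

def system_ptr(ip):  # reverse lookup: IP -> list of PTR names, empty if none
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addrs(name):  # forward lookup: name -> set of addresses, empty if none
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify(ip, ptr=system_ptr, addrs=system_addrs):
    """Tell the two 'unknown' cases apart for one client IP."""
    names = ptr(ip)
    if not names:
        return "no-reverse-dns"            # case 1: no PTR record
    if any(ip in addrs(name) for name in names):
        return "forward-confirmed"         # DNS agrees now; it may have changed since delivery
    return "forward-reverse-mismatch"      # case 2: PTR name does not map back to the IP

def unknown_hops(raw_headers):
    """Return (helo, ip) for each Received header marked 'unknown'."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)   # join folded header lines
    return [m.groups() for m in map(UNKNOWN_HOP.match, unfolded.splitlines()) if m]

def report(raw, ptr=system_ptr, addrs=system_addrs):
    """Map each 'unknown' client IP to its classification."""
    return {ip: classify(ip, ptr, addrs) for _, ip in unknown_hops(raw)}

# Constructed sample: the header quoted in the post plus two made-up hops
# (example.* names, documentation address ranges).
SAMPLE = (
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx.example.net (Postfix) with ESMTP id ABC123\n"
    "Received: from nuisursystem.com (unknown [125.180.77.87])\n"
    "\tby mx.example.net (Postfix) with SMTP id DEF456\n"
    "Received: from smtp.example.com (unknown [198.51.100.7])\n"
)
# Constructed DNS data standing in for real lookups, so the demo runs offline.
FAKE_PTR = {"198.51.100.7": ["host7.example.com"]}
FAKE_A = {"host7.example.com": {"203.0.113.9"}}

if __name__ == "__main__":
    print(report(SAMPLE, lambda ip: FAKE_PTR.get(ip, []), lambda n: FAKE_A.get(n, set())))
```

Called without the stand-in resolvers, report() uses the system resolver, so its answer reflects DNS at the time of the check, not at the time of delivery.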