procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: A question?

2007-02-03 12:53:48
from [Michael J Wise] [Permanent Link] 
On Feb 3, 2007, at 6:46 AM, nobody wrote:

On Sat, 03 Feb 2007 11:17:01 -0500 (EST), Ishwar Rattan wrote:

I am seeing too many e-mails of the header types:
...
Received from: nuisursystem.com (unknown [125.180.77.87])


You're using Postfix, yes?


Is there a way to filter on 'unknown' keyword using procmail?


Yes.


        [ snicker... / ]

        :0
        * ^Received:.*\(unknown \[

Now, the bigger question: Are you sure this is a good idea?
The 'unknown' means that either:

1) the reverse DNS doesn't exist, as in this case:

            $ host 125.180.77.87
        Host 87.77.180.125.in-addr.arpa not found: 3(NXDOMAIN)

2) or, that the forward and reverse DNS don't agree.

If you block, or even filter, based on that, you're gonna see false  
positives.
Granted, it's a pretty good indicator that someone's not paying  
attention to their DNS config, but...
You're gonna see False Positives.
Be ready for it.

Aloha mai Nai`a!
-- 
"Please have your Internet License             <http://kapu.net/ 
~mjwise/>
   and Usenet Registration handy..."




____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: A question?, nobody
Next by Date:  RE: A question?, DR. Lee - NS1
Previous by Thread:  Re: A question?, nobody
Next by Thread:  RE: A question?, DR. Lee - NS1
Indexes:  [Date] [Thread] [Top] [All Lists]