procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: A question?

2007-02-03 18:28:15
from [DR. Lee - NS1] [Permanent Link] 
Hi,
 
How about the message in the header saying "may be forged", is it safe
to filter it out?

Also I found in the subject line, it often contains the leading prefix
like

      AD:xxxx
      SPAM: Best buy .....

Is this some clever server put it for us to make filter easier?

Rgds,
Kwang-Fuh Lee.
 


Aloha mai Nai`a! wrote



Now, the bigger question: Are you sure this is a good idea?
The 'unknown' means that either:



1) the reverse DNS doesn't exist, as in this case:



          $ host 125.180.77.87
      Host 87.77.180.125.in-addr.arpa not found: 3(NXDOMAIN)



2) or, that the forward and reverse DNS don't agree.



If you block, or even filter, based on that, you're gonna see false  
positives.
Granted, it's a pretty good indicator that someone's not paying  
attention to their DNS config, but...
You're gonna see False Positives.
Be ready for it.



 




____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: A question?, Michael J Wise
Next by Date:  Re: A question?, Michael J Wise
Previous by Thread:  Re: A question?, Michael J Wise
Next by Thread:  Re: A question?, Michael J Wise
Indexes:  [Date] [Thread] [Top] [All Lists]