[prev in list] [next in list] [prev in thread] [next in thread]
List: procmail
Subject: Re: whitelists based on domain only
From: "Ruud H.G. van Tol" <rvtol () isolution ! nl>
Date: 2003-11-20 12:00:25
[Download RAW message or body]
Toen ik Peter Rosa kietelde, kwam er dit uit:
> But what about testing some other header, e.g. Received-from:
> instead of From:
> There was the recomendation for me to look in it, as the
> From: header might be not real sender's address.
> How could look the condition line (now it is * ^From [^@]@\/[^ ]+ ) ?
Look closer, it is not using the From: header but the From_ header.
But even that header does not always have the real address.
I don't know a Received-from: header, I think you mean the 'chain' of
Received: headers. The oldest Received: header in your message is
Received: from peter (Peter [192.168.1.53]) by ns.pro.sk (8.12.9/8.12.9)
with SMTP id hAK5Oms1056625 for <procmail(AT)lists.RWTH-Aachen.DE>;
Thu,
20 Nov 2003 06:24:48 +0100 (CET envelope-from prosa(AT)pro.sk)
These can also be easily faked. Normally, headers like Date:, From:,
Subject:, To:, Message-id:, Organization: are older than (so come after)
the last Received: header.
The more interesting Received: header in your message is the one just
before the oldest, where your message crosses over to Aachen:
Received: from ns.pro.sk (proxy.pro.sk [212.55.244.46])
by relay2.rwth-aachen.de (8.12.10/8.12.7/1) with ESMTP id
hAK5P5GK017873
(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT)
for <procmail(AT)lists.RWTH-Aachen.DE>; Thu, 20 Nov 2003 06:25:06 +0100
(MET)
If you take the IP-nr from that (see my XIP.rc for a way to do that)
and check that with a couple of DNSBL lists (including whether it is
coming
from Asia, Brazil, etc.), then you can adjust the over-all spam-weight by
the origins of the message.
XIP, DNSBL, etc:
http://www.xs4all.nl/~rvtol/procmailrc.txt
Checking hosts (he even does it from URLs):
http://www.xs4all.nl/~monitor/rblhost.rc.txt
http://www.xs4all.nl/~monitor/rblqp.rc.txt
with results on
http://cgi.monitor.nl/rblhosts.html
http://cgi.monitor.nl/popstats.html
--
Affijn, Ruud
_______________________________________________
procmail mailing list
procmail@lists.RWTH-Aachen.DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic