[Mimedefang] bounce mail based on To: domain

David F. Skoll dfs at roaringpenguin.com
Sun Sep 29 21:52:01 EDT 2002


On Sun, 29 Sep 2002, Ashley M. Kirchner wrote:

> As you can see, the To: field has a totally invalid address (as far
> as our users go), in fact, serpico is a mail gateway

As someone else said, blocking To:serpico.pcraft.com in the access
table *might* fix it, but I'm not sure.  I believe the access table
is only used when checking the envelope address, not the header
address.  You'd have to test.

You could read the HEADERS file in filter_begin, something like this:

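sub filter_begin {
    # HEADERS in the working directory holds the message headers
    if (open(HDRS, "<HEADERS")) {
        while(<HDRS>) {
            # Bounce if any recipient header names the gateway host
            if (/^(To|Cc|Bcc):.*\@serpico\.pcraft\.com/i) {
                action_bounce("Mail to serpico.pcraft.com not allowed.");
                close(HDRS);
                return;
            }
        }
        close(HDRS);
    }
}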

But it's an interesting pattern... I bet there's some spamware out there
which adds:

	To: someone@HELO_HOST

where HELO_HOST is whatever your host answers to or whatever its real
name is.  This is a nice heuristic to pick up on.  (It doesn't seem to
be much of a factor in my 1900+ spams, though...)

--
David.
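
Added example (not part of the original post, and not MIMEDefang's own code): a stand-alone Perl sketch of the heuristic described above. It flags To/Cc/Bcc addresses whose domain is exactly the gateway's own host name, and goes a little beyond the one-line regex by comparing the whole domain, so display names, mixed case and look-alike suffixes are handled. The helper name gateway_header_rcpts and the sample headers are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the To/Cc/Bcc addresses whose domain is exactly the gateway's own
# host name. Input is header lines, one unfolded header per line.
# Hypothetical helper for illustration, not a MIMEDefang API.
sub gateway_header_rcpts {
    my ($gateway, @lines) = @_;
    $gateway = lc $gateway;
    $gateway =~ s/\.$//;                 # tolerate a trailing root dot
    my @hits;
    for my $line (@lines) {
        # Only recipient headers are of interest
        next unless $line =~ /^(?:To|Cc|Bcc):(.*)$/i;
        my $value = $1;
        # Pull every local@domain pair out of the header value
        while ($value =~ /([^\s<>"(),;:\@]+)\@([A-Za-z0-9.-]+)/g) {
            my ($local, $domain) = ($1, lc $2);
            $domain =~ s/\.$//;
            # Exact comparison: a longer domain that merely starts with
            # the gateway name is not a match
            push @hits, "$local\@$domain" if $domain eq $gateway;
        }
    }
    return @hits;
}

# Constructed sample headers (not taken from a real message)
my @sample = (
    'Received: from mail.example.net by serpico.pcraft.com',
    'From: "Offers" <promo@example.net>',
    'To: "Friend" <someone@Serpico.PCraft.com>, real.user@pcraft.com',
    'Cc: other@serpico.pcraft.com.example.net',
    'Subject: hello',
);

my @hits = gateway_header_rcpts('serpico.pcraft.com', @sample);
print "suspicious header recipient: $_\n" for @hits;
print scalar(@hits), " hit(s)\n";
```

Inside filter_begin the same function could be fed the lines read from HEADERS, calling action_bounce when the returned list is non-empty.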



