[Mimedefang] bounce mail based on To: domain
David F. Skoll
dfs at roaringpenguin.com
Sun Sep 29 21:52:01 EDT 2002

On Sun, 29 Sep 2002, Ashley M. Kirchner wrote:

> As you can see, the To: field has a totally invalid address (as far
> as our users go), in fact, serpico is a mail gateway

As someone else said, blocking To:serpico.pcraft.com in the access
table *might* fix it, but I'm not sure. I believe the access table
is only used when checking the envelope address, not the header
address. You'd have to test.

You could read the HEADERS file in filter_begin, something like this:

    sub filter_begin {
        # HEADERS holds the message headers, one per line
        if (open(HDRS, "<HEADERS")) {
            while(<HDRS>) {
                # Any recipient header naming the gateway host itself
                if (/^(To|Cc|Bcc):.*\@serpico\.pcraft\.com/i) {
                    action_bounce("Mail to serpico.pcraft.com not allowed.");
                    close(HDRS);
                    return;
                }
            }
            close(HDRS);
        }
    }

But it's an interesting pattern... I bet there's some spamware out there
which adds:

    To: someone at HELO_HOST

where HELO_HOST is whatever your host answers to or whatever its real
name is. This is a nice heuristic to pick up on. (It doesn't seem to
be much of a factor in my 1900+ spams, though...)

--
David.
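
An added example, not part of the original post or of MIMEDefang: a standalone Perl routine that generalizes the header check above to a list of gateway hostnames and compares each address domain exactly, so a longer name that merely starts with the gateway host is not flagged. The function name gateway_recipient and the sample headers are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original post. Standalone: no MIMEDefang needed.
use strict;
use warnings;

# Return the first To/Cc/Bcc address whose domain is exactly one of @$hosts,
# or nothing. Expects one unfolded header per line, as in the HEADERS file.
# gateway_recipient is a hypothetical helper name.
sub gateway_recipient {
    my ($fh, $hosts) = @_;
    my %is_gateway = map { lc($_) => 1 } @$hosts;
    while (my $line = <$fh>) {
        last if $line =~ /^\r?$/;                    # blank line: end of headers
        next unless $line =~ /^(?:To|Cc|Bcc):(.*)/i;
        my $value = $1;
        # Pull out every local@domain token in the header value.
        while ($value =~ /([^\s<>,;:"()]+)\@([A-Za-z0-9.-]+)/g) {
            my ($local, $domain) = ($1, lc $2);
            $domain =~ s/\.$//;                      # drop a trailing root dot
            return "$local\@$domain" if $is_gateway{$domain};
        }
    }
    return;
}

# Constructed sample headers (hypothetical addresses).
my $sample = <<'EOT';
From: sender@example.net
To: "Some One" <someone@SERPICO.pcraft.com>
Subject: test
EOT
# Constructed lookalike: the gateway name is only a prefix of the domain.
my $lookalike = "To: user\@serpico.pcraft.com.example.org\n";

for my $text ($sample, $lookalike) {
    open(my $fh, '<', \$text) or die "cannot open in-memory file: $!";
    my $hit = gateway_recipient($fh, ['serpico.pcraft.com']);
    close($fh);
    print defined $hit ? "bounce: $hit\n" : "accept\n";
}
```

In a filter, the same routine would be called on the HEADERS file from filter_begin, with action_bounce on a hit, as in the post.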