[Mimedefang] Can MD/SA combo detect no reverse ip?
Joseph Brennan
brennan at columbia.edu
Thu Jun 12 09:11:01 EDT 2003
--On Thursday, June 12, 2003 07:22 -0400 "G. Roderick Singleton"
<gerry at pathtech.org> wrote:
> I have been watching my logs for the past few days and find that there
> is a bunch o' spam that gets trough with SA scores of less than the 5
> threshold I use and most of these don't resolve to a reverse address
> that is authoritative. I would like to block these and if possible block
> dns lamers.
You'd be rejecting a lot of non-spam mail. Some of the MSN mail
servers lack reverse DNS, as an example; so do miscellaneous
nonprofits and small businesses. Remember the RFCs do not require
rDNS for mail hosts.
But you could add to the spam score.
In filter_begin()
# Spamassassin tweaks using relay information
$SA_score_additions = 0;
$SA_test_additions = "";
# Prejudice against no rDNS
if ($RelayHostname =~ /\[$RelayAddr\]/) {
$SA_score_additions += 2;
$SA_test_additions .= ",NO_RDNS";
}
In filter_end(), add the score and test name right after you run
Spamassassin, like this.
my($hits, $req, $names, $report) = spam_assassin_check();
# add our things
$hits += $SA_score_additions;
$names .= $SA_test_additions;
The reason I did it this way was to use the $RelayHostname
and $RelayAddr values that we get in Mimedefang.
Adding 2 is enough for us.
Joseph Brennan Columbia University in the City of New York
postmaster at columbia.edu Academic Technologies Group
More information about the MIMEDefang
mailing list