[Mimedefang] Have I mentioned that MIMEDefang is great?

[Joseph Brennan]

Six days ago Michael Sims posted an interesting message about
Hotmail spam.  There's a lot of it.

In the filter code, which I've been logging with, he wrote--

>         # Check to see if any of the octets has a leading zero or
>         # doesn't fall in the 0-255 range
>         my @octets = split(/\./, $ipAddr);
>         foreach (@octets) {
>           $forgedOrigIp_2 = 1 if (/^0/ || $_ < 0 || $_ > 255);
>         }

But you can have a leading zero if the octet is just 0, like
209.197.0.23, so make it---

              if (/^0[0-9]/ || $_ < 0 || $_ > 255)


I also found a case where the X-Originating-Email address does
not match the From: header address, in non-spam.  The message
travelled via Yahoo.  It looks as if the contents of the original
From: were moved to an X-eGroups-From: header.

Joseph Brennan          Columbia University in the City of New York
postmaster at columbia.edu                 Academic Technologies Group