[Mimedefang] New spammer trick?
dr john halewood
john at unidec.co.uk
Tue Nov 25 11:24:00 EST 2003
On Tuesday 25 Nov 2003 6:08 am, Ben Kamen wrote:
> the HELO line, I'm not sure - I don't watch that close. I practically
> refuse all email from subdomains of the popular ISPs at this point.
> Anything that's a subdomain of comcast in particular I reject with the
> message that they need to go through their ISP's mailserver.
>
> only "CLIENT.comcast.net" fails. I happily take email from comcast.net
> provided it passes the rest of the filters.
Out of curiosity, does anyone have a decent list of such domains that can be
rejected? I already drop anything which comes from
client.comcast.net
client.attbi.com
client2.attbi.com
But I'm sure there must be a lot of others that can be added to this list.
The other thing I see a lot of is spam from faked aol.com and yahoo.com
addresses. I can tell by looking at the headers that a message from
blah at aol.com that's relayed via ES152093.user.veloxzone.com.br is obviously
forged, but does anyone have a definitive list of _outgoing_ MTAs used by the
likes of aol and yahoo? It would cut down enormously the amount of time I
spend looking through quarantine notifications if I could simply do a check
for something like
# reject aol.com senders unless the relay is aol.com or the backup MX
if ( $Sender =~ /aol\.com$/ and $Relay !~ /aol\.com$/ and
     $Relay !~ /my\.backup\.mx$/ ) { return("REJECT","blah"); }
cheers
john
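
Added example, not part of the original post and not MIMEDefang's own code: the sender/relay check sketched in the message above, written as a table-driven function with the same arguments and return convention as MIMEDefang's filter_sender. The domain-to-relay table, the rejection messages and the sample connections are assumptions constructed for illustration, not a vetted list of real outgoing MTAs.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Sender domain => relay-hostname suffixes accepted for it (assumed policy,
# modelled on the aol.com check in the post; not a list of real MTAs).
my %ALLOWED_RELAYS = (
    'aol.com'   => ['aol.com'],
    'yahoo.com' => ['yahoo.com'],
);
# Hosts that may relay for any sender, e.g. a backup MX (placeholder name).
my @TRUSTED_RELAYS = ('my.backup.mx');
# Client subdomains named in the thread.
my @CLIENT_SUFFIXES = ('client.comcast.net', 'client.attbi.com', 'client2.attbi.com');

# True if $host equals $suffix or is a subdomain of it. The match is aligned
# on a label boundary, so "notaol.com" does not pass as "aol.com".
sub host_in_domain {
    my ($host, $suffix) = @_;
    $host = lc $host;
    $host =~ s/\.$//;
    return $host eq $suffix || $host =~ /\.\Q$suffix\E$/;
}

sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    return ('CONTINUE', 'ok')
        if grep { host_in_domain($hostname, $_) } @TRUSTED_RELAYS;
    return ('REJECT', 'Please send through your ISP mail server')
        if grep { host_in_domain($hostname, $_) } @CLIENT_SUFFIXES;
    # The envelope sender may arrive with or without angle brackets.
    my ($domain) = lc($sender) =~ /\@([^>\s]+)>?$/;
    my $allowed = defined $domain ? $ALLOWED_RELAYS{$domain} : undef;
    return ('CONTINUE', 'ok') unless $allowed;    # domain not policed
    return ('CONTINUE', 'ok')
        if grep { host_in_domain($hostname, $_) } @$allowed;
    return ('REJECT', "Mail from $domain must come via its own servers");
}

# Constructed sample connections: sender, relay IP, relay hostname, HELO.
for my $c (
    ['<blah@aol.com>',     '192.0.2.10', 'ES152093.user.veloxzone.com.br', 'aol.com'],
    ['<blah@aol.com>',     '192.0.2.11', 'mailout1.aol.com',               'mailout1.aol.com'],
    ['<blah@aol.com>',     '192.0.2.12', 'relay.notaol.com',               'aol.com'],
    ['<user@example.org>', '192.0.2.13', 'h-1-2-3.client.comcast.net',     'example.org'],
    ['<blah@aol.com>',     '192.0.2.14', 'my.backup.mx',                   'my.backup.mx'],
) {
    my ($action, $msg) = filter_sender(@$c);
    printf "%-8s %-20s via %-32s %s\n", $action, $c->[0], $c->[2], $msg;
}
```

A policy like this also rejects legitimate aol.com or yahoo.com senders whose mail is forwarded by a third party with the envelope sender unchanged, so it is worth running it in quarantine-only mode before switching to outright rejection.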