[Mimedefang] New spammer trick?

dr john halewood john at unidec.co.uk
Tue Nov 25 11:24:00 EST 2003

On Tuesday 25 Nov 2003 6:08 am, Ben Kamen wrote:
> the HELO line, I'm not sure - I don't watch that close. I practically
>refuse all email from subdomains of the popular ISP's at this point.
>Anything that's a subdomain of comcast in particular I reject with the
>message that they need to go through their ISP's mailserver.
>only "CLIENT.comcast.net" fails. I happy take email from comcast.net
>provided it passes the rest of the filters.

Out of curiosity, does anyone have a decent list of such domains that can be 
rejected? I already drop anything which comes from

But I'm sure there must be a lot of others that can be added to this list.
 The other thing I see a lot of is spam from faked aol.com and yahoo.com 
addresses. I can tell by looking at the headers that a message from 
blah at aol.com that's relayed via ES152093.user.veloxzone.com.br is obviously 
forged, but does anyone have a definitive list of _outgoing_ MTAs used by the 
likes of aol and yahoo? It would cut down enormously the amount of time I 
spend looking through quarantine notifications if I could simply do a check 
for something like 
if ( $Sender ~ /aol.com$/ and ($Relay !~ /aol.com$/ or $Relay !~ 
/my.backup.mx$/) ) { return("REJECT","blah");}


More information about the MIMEDefang mailing list