[Mimedefang] New spammer trick?

WBrown at e1b.org WBrown at e1b.org
Tue Nov 25 13:44:23 EST 2003

mimedefang-bounces at lists.roaringpenguin.com wrote on 11/25/2003 11:24:00 

> But I'm sure there must be a lot of others that can be added to this 
>  The other thing I see a lot of is spam from faked aol.com and yahoo.com 

> addresses. I can tell by looking at the headers that a message from 
> blah at aol.com that's relayed via ES152093.user.veloxzone.com.br is 
> forged, but does anyone have a definitive list of _outgoing_ MTAs used 
by the 
> likes of aol and yahoo? It would cut down enormously the amount of time 
> spend looking through quarantine notifications if I could simply do a 
> for something like 
> if ( $Sender ~ /aol.com$/ and ($Relay !~ /aol.com$/ or $Relay !~ 
> /my.backup.mx$/) ) { return("REJECT","blah");}

Why not check that anything from user at aol.com comes from a server that 
ends in aol.com?  If you start adding specific server names, you'll get 
hosed when AOL adds another server in their outbound mail system.

More information about the MIMEDefang mailing list