[Mimedefang] code to handle "troublesome domains"
Tilwens
tilwens at nofuture.ch
Fri Sep 26 16:53:01 EDT 2003
> Is it possible to just have this add to the spamassassin score?
> For example add +3 to mail that fails this check?
> That would seem to be a good method to reduce false positives but still
> check mail sent through using a false relay.
>
> --Luke
I just copy/pasted a bit. You should try something like this.
-Dave
-------- !!!! UNTESTED !!! ---------------
sub my_spam_assassin_check (;$) {
    # Run the stock SpamAssassin check; the relay test below only adds to its score.
    my ($hits, $req, $names, $report) = spam_assassin_check(@_);
    my @names = split (',' => $names);
    # Domains whose mail is expected to arrive from a relay inside the same domain.
    my @greylist = qw(att.com
                      aol.com
                      efax.com
                      dell.com
                      earthlink.net
                      computerworld.com
                      mindspring.com
                      warehouse.com
                      jpmchase.com
                      gartnerinfo.com
                      microsoft.com
                      morganstanley.com
                      gartner.com
                      fedex.com
                      hotmail.com
                      yahoo.com
                      msn.com
                      freeaccess.nl
                      email.com
                      angelfire.com
                      netzero.net
                      a0l.com
                      bellsoth.com
                      bellatlantic.net
                      swbell.net
                      excite.com
                      yahoo.co.uk
                      mail.ru
    );
    # $Sender, $RelayHostname and $RelayAddr are MIMEDefang globals.
    # Hostname tests are anchored at a label boundary and at the end of the
    # name, so a reverse-DNS name that merely contains the domain
    # (e.g. aol.com.example.net) does not count as a relay of that domain.
    foreach my $check (@greylist) {
        if ($Sender =~ /\@\Q$check\E>?$/i) {
            if (!($RelayHostname =~ /(?:^|\.)\Q$check\E$/i)) {
                # Each exception below is a known legitimate relay: leave the
                # score unchanged and stop checking.
                # allow monster.com relay to forge sender
                if ($RelayAddr =~ /^208\.30\.129\./) {
                    last;
                }
                # msn.com uses hotmail.com relays
                if ($Sender =~ /\@msn\.com>?$/i) {
                    if ($RelayHostname =~ /(?:^|\.)hotmail\.com$/i) {
                        last;
                    }
                }
                # morganstanley.com uses ms.com relays
                if ($Sender =~ /\@morganstanley\.com>?$/i) {
                    if ($RelayHostname =~ /(?:^|\.)ms\.com$/i) {
                        last;
                    }
                }
                # att.com uses transedge.com
                if ($Sender =~ /\@att\.com>?$/i) {
                    if ($RelayHostname =~ /(?:^|\.)transedge\.com$/i) {
                        last;
                    }
                }
                # bellatlantic.net uses verizon.net
                if ($Sender =~ /\@bellatlantic\.net>?$/i) {
                    if ($RelayHostname =~ /(?:^|\.)verizon\.net$/i) {
                        last;
                    }
                }
                # jpmchase.com uses chase.com
                if ($Sender =~ /\@jpmchase\.com>?$/i) {
                    if ($RelayHostname =~ /(?:^|\.)chase\.com$/i) {
                        last;
                    }
                    # new JPMChase mail relay, and DNS hasn't been updated yet
                    if ($RelayAddr =~ /^208\.44\.119\.191$/) {
                        last;
                    }
                }
                # yahoo.co.uk uses yahoo.com
                if ($Sender =~ /\@yahoo\.co\.uk>?$/i) {
                    if ($RelayHostname =~ /(?:^|\.)yahoo\.com$/i) {
                        last;
                    }
                }
                # netzero.net uses untd.com
                if ($Sender =~ /\@netzero\.net>?$/i) {
                    if ($RelayHostname =~ /(?:^|\.)untd\.com$/i) {
                        last;
                    }
                }
                # mindspring.com uses mindspring.net
                if ($Sender =~ /\@mindspring\.com>?$/i) {
                    if ($RelayHostname =~ /(?:^|\.)mindspring\.net$/i) {
                        last;
                    }
                    if ($RelayHostname =~ /(?:^|\.)earthlink\.net$/i) {
                        last;
                    }
                }
                # No exception applied: log it and add 3 points to the score.
                md_graphdefang_log('sender_used_illegal_relayhost', $Sender,
                                   $RelayAddr);
                $hits += 3;
                push(@names, 'SENDER_USED_ILLEGAL_RELAYHOST');
                last;
            }
        }
    }
    $names = join (',' => @names);
    return ($hits, $req, $names, $report);
}