[Mimedefang] Accuracy of infected IP in mdlog
David F. Skoll
dfs at roaringpenguin.com
Mon May 17 07:29:18 EDT 2004
On Mon, 17 May 2004, Jerome Tytgat wrote:
> Maybe I'm wrong but I thought mimedefang was more than just milter
> who pass mails to clamav/spamassassin.
It is. :-)
> I thought we can do some correlation about headers, validating from fields,
> validating Helo, and other things.
We can, if we care to code it in Perl.
*I* did not code Received header parsing in MIMEDefang for two reasons:
1) I don't see the point, and
2) Header lines can be faked.
I posted code to parse Received: lines from trusted hosts; that's about
as far as I would take header parsing. Anything more is dangerous and
untrustworthy.
Regards,
David.
More information about the MIMEDefang
mailing list