[Mimedefang] Previous relay information

Whit Blauvelt whit at transpect.com
Wed Dec 13 17:42:30 EST 2006


On Wed, Dec 13, 2006 at 06:43:37PM +0900, Mark van Proctor wrote:

> Any help / thoughts / suggestions are much appreciated!!

One thing I did do, which might not apply to you, but since you said "Any"
...

A great deal of the spam to my system is to addresses that have apparently
been harvested from other spam that's faked coming from several of my
domains. But for some reason the fakers like to use subdomains in the
address, so that the spam comes in to phonyuser at sub.domain.com rather than
to user at domain.com. As it happens, the subdomain is never legitimately used.

Whitelisting, these spammers were just switching to the secondary MX on
TEMPFAIL. So I added a rule to just drop them, like this, towards the top of
filter_recipient:

    if ($Recipients[0] =~ m/sub\.domain\.com/) {
        md_syslog('warning','subdomain matches - discarding');
        return ('DISCARD', 'OK');
    }

Since the discard is silent to the sender, they figure it got through, and
don't use the secondary. Come to think of it, I'll bet that last relay info
you wanted is in $Recipients[1] - but I'm still not sure what you'll want to
do with it.

Whit
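
The rule described in the message above, written out as a complete filter_recipient. This is an added example, not part of the original post or of MIMEDefang's own code. It compares the recipient's domain part exactly, so a local part or a longer hostname that merely contains the subdomain does not match. The @DEAD_DOMAINS list, the rcpt_domain helper, the md_syslog stub and the sample addresses are constructed for illustration.

```perl
use strict;
use warnings;

# Outside MIMEDefang there is no md_syslog; stub it so this runs stand-alone.
BEGIN { *md_syslog = sub { print "syslog[$_[0]]: $_[1]\n" } unless defined &md_syslog; }

# Hypothetical list: subdomains that never legitimately receive mail.
my @DEAD_DOMAINS = ('sub.domain.com');

# Lower-cased domain part of an envelope address such as
# "<phonyuser@sub.domain.com>", or undef when there is none.
sub rcpt_domain {
    my ($addr) = @_;
    $addr =~ s/^<|>$//g;                       # strip the angle brackets
    return undef unless $addr =~ /\@([^@]+)\z/;
    (my $domain = lc $1) =~ s/\.\z//;          # tolerate a trailing dot
    return $domain;
}

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;
    my $domain = rcpt_domain($recipient);
    if (defined $domain && grep { $domain eq $_ } @DEAD_DOMAINS) {
        md_syslog('warning', "unused subdomain, discarding: $recipient from $ip");
        # A discard at RCPT time drops the whole message, not only this recipient.
        return ('DISCARD', 'OK');
    }
    return ('CONTINUE', 'ok');
}

# Demo with constructed recipients; skipped when loaded as a filter file.
unless (caller) {
    for my $rcpt ('<phonyuser@sub.domain.com>',          # discarded
                  '<user@domain.com>',                   # continues
                  '<sub.domain.com@domain.com>',         # local part only: continues
                  '<user@sub.domain.com.example.net>') { # longer host: continues
        my ($action) = filter_recipient($rcpt, '<sender@example.net>',
                                        '192.0.2.10', 'host.example.net',
                                        $rcpt, 'helo.example.net');
        printf "%-36s %s\n", $rcpt, $action;
    }
}
```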


