I think some folks had some custom rules that did this, but I think they also looked for numbers between dashes, such as 201-34-98-103.xxxx.xxx

Maybe some others can shed a bit more light than I :)

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Wednesday, May 19, 2004 9:28 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Filtering for HELOs that are IP Addresses

 

Hello, All,

I am considering creating a filter file that looks for HELO strings that are IP addresses.  I was going to do something along the lines of the following...

 

====
# // JunkMail.05.Filter.Helo.IP.txt //

# ================================
# == Add Points To Total Weight ==
# ================================

# -- Untrusted HELOs

# ---- HELOs That Are IP Addresses

HELO    100    CONTAINS    0.1
HELO    100    CONTAINS    0.2
HELO    100    CONTAINS    0.3
HELO    100    CONTAINS    0.4
HELO    100    CONTAINS    0.5
HELO    100    CONTAINS    0.6
HELO    100    CONTAINS    0.7
HELO    100    CONTAINS    0.8
HELO    100    CONTAINS    0.9

<In here are also HELO 100 CONTAINS [1..8.1..9]>

HELO    100    CONTAINS    9.1
HELO    100    CONTAINS    9.2
HELO    100    CONTAINS    9.3
HELO    100    CONTAINS    9.4
HELO    100    CONTAINS    9.5
HELO    100    CONTAINS    9.6
HELO    100    CONTAINS    9.7
HELO    100    CONTAINS    9.8
HELO    100    CONTAINS    9.9
====

 

Am I correct in my thinking that with this filter that an IP address in the HELO string would NOT add just 100 points to the weight of an e-mail but instead could end up adding up to 300 points because each line would be compared to the HELO string and if that string was 210.10.23.75, for example, it would add 100 points for "0.1" and "0.2" and "3.7"?

 

Thanks In Advance,

Dan Geiser
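
Added example, not part of the original thread and not Declude code: a Python simulation of the 81-line filter sketched above next to a single structural check that scores an IP-style HELO once, including the dashed form mentioned in the reply. It assumes, as the question supposes and the thread does not confirm, that every CONTAINS line is tested independently and adds its weight; the function names and sample HELO strings are constructed for illustration.

```python
import ipaddress
import re

WEIGHT = 100
# The rule set as sketched in the post: "a.b" for a in 0..9 and b in 1..9.
PATTERNS = [f"{a}.{b}" for a in range(10) for b in range(1, 10)]

def additive_weight(helo):
    """Assumed semantics: each CONTAINS line that matches adds WEIGHT."""
    hits = [p for p in PATTERNS if p in helo]
    return WEIGHT * len(hits), hits

# Four groups of 1-3 digits joined by dots or dashes, not part of a longer number.
QUAD = re.compile(r"(?<!\d)(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?!\d)")

def helo_ip_kind(helo):
    """Return 'literal' if the whole HELO is an IPv4 address (bare or in
    brackets), 'embedded' if a dotted or dashed quad sits inside a host
    name, otherwise None."""
    bare = helo.strip().strip("[]")
    try:
        ipaddress.IPv4Address(bare)
        return "literal"
    except ValueError:
        pass
    m = QUAD.search(helo)
    if m and all(int(octet) <= 255 for octet in m.groups()):
        return "embedded"
    return None

def single_weight(helo):
    """Score the HELO at most once, however many digit pairs it contains."""
    return WEIGHT if helo_ip_kind(helo) else 0

if __name__ == "__main__":
    samples = [                      # constructed HELO strings
        "210.10.23.75",              # the example from the question
        "[192.0.2.25]",              # bracketed address literal
        "201-34-98-103.isp.example", # dashed form from the reply
        "smtp3.5star.example",       # host name that merely contains "3.5"
        "mail.example.org",
    ]
    for helo in samples:
        total, hits = additive_weight(helo)
        print(f"{helo:28} substring={total:3} {hits} "
              f"structural={single_weight(helo):3} ({helo_ip_kind(helo)})")
```

Under the stated assumption the substring rules give 210.10.23.75 a total of 300, give the ordinary host name smtp3.5star.example 100, and miss the dashed form entirely, while the structural check scores each IP-style HELO exactly once.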

 
