One user on my server has attracted the attention of a spammer who seems to use a very particular pattern for their sporged 'From' addresses. The relevant lines in the log look like:

    spamdyke[14011]: ALLOWED from: spamtopic-user=mydomain....@spamdomain.com to: u...@mydomain.com origin_ip ...

'spamdomain.com' and 'spamtopic' change continuously, so I can't block on those. However, the pattern of what I take to be the envelope sender can always be captured with:

    [a-z]+-user=mydomain.com@[a-z-]+\.[a-z]{2,}

I believe that no legitimate message should ever match that pattern.

I don't have any samples of the spammy messages themselves, which are forwarded offsite (this is why I want to kill them: they're forwarded to a Gmail address, and Gmail gets cranky if you send it too much spam). So I don't know if that same bogus address is also used in the 'From' header.

I know that header blacklists support wildcards; I don't think that sender blacklists do. But I suspect that the envelope sender isn't counted as a 'header'.

Is there a way I can use spamdyke to filter these messages?

Thanks in advance for any tips or suggestions.

Angus

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
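
The check described in the post, as an added example that is not part of the original message and not spamdyke's own code: a Python scan of log lines in the quoted layout for ALLOWED deliveries whose envelope sender fits the pattern, with the dot in the domain escaped and the whole address matched so that a hyphenated VERP-style list sender is not caught. The user and domain values, the sample log lines and all function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed values: the post elides the real user and domain.
USER, DOMAIN = "user", "mydomain.com"

# The post's pattern with the recipient part escaped; used with fullmatch()
# so the whole envelope sender has to fit, not just a substring of it.
SENDER_RE = re.compile(
    r"[a-z]+-" + re.escape(f"{USER}={DOMAIN}") + r"@[a-z-]+\.[a-z]{2,}")

# Field layout taken from the log line quoted in the post.
LOG_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>[A-Z_]+) "
    r"from: (?P<sender>\S+) to: (?P<rcpt>\S+) origin_ip")

def is_sporged(sender):
    """True when the entire envelope sender fits the spammer's pattern."""
    return SENDER_RE.fullmatch(sender.lower()) is not None

def scan(lines):
    """Return (sender, recipient) for each ALLOWED line with a matching sender."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and m["verdict"] == "ALLOWED" and is_sporged(m["sender"]):
            hits.append((m["sender"], m["rcpt"]))
    return hits

def per_recipient(hits):
    """Count matching deliveries per local recipient."""
    return Counter(rcpt for _, rcpt in hits)

# Constructed list-style sender: a substring search would match it.
VERP = "list-bounce-user=mydomain.com@lists.example"

# Constructed sample lines, not from a real log (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    "spamdyke[14011]: ALLOWED from: pills-user=mydomain.com@spamdomain.example to: user@mydomain.com origin_ip: 192.0.2.10",
    "spamdyke[14012]: ALLOWED from: watches-user=mydomain.com@other-spam.example to: user@mydomain.com origin_ip: 192.0.2.11",
    "spamdyke[14013]: ALLOWED from: alice@example.org to: user@mydomain.com origin_ip: 192.0.2.12",
    f"spamdyke[14014]: ALLOWED from: {VERP} to: user@mydomain.com origin_ip: 192.0.2.13",
    "spamdyke[14015]: DENIED_RDNS_MISSING from: loans-user=mydomain.com@spamdomain.example to: user@mydomain.com origin_ip: 192.0.2.14",
]

if __name__ == "__main__":
    for sender, rcpt in scan(SAMPLE_LOG):
        print(f"{rcpt} <- {sender}")
```

Running the scan over an existing log before blocking on the pattern shows how many accepted messages it would have caught and whether any legitimate sender falls inside it.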