An exception could probably be made for proper usage of the IP being used as the HELO (when enclosed in brackets). Also, a while back, in an effort to reduce the processing power required for my @LINKED and IPLINKED filters, I removed all of the IP space that was reserved, which amounted to about half of the Class A's. Both of these things might be good exclusions since the real-world use of this by zombie spammers won't be impacted by either change.
Matt
David Dresler wrote:
Below is an example of headers taken from a false positive using this new test. For the most part, it's a great new test and is working well. However, I've noticed that Entourage seems to be getting caught. This is the second customer of mine that I've noticed getting caught by this and both are using Entourage. Is anyone else seeing this?
Thanks for any ideas....
Received: from [10.0.0.11] [208.37.231.210] by ilfmedia.com with ESMTP (SMTPD32-7.07) id A0A0C7F0140; Mon, 19 Apr 2004 14:12:00 -0700
User-Agent: Microsoft-Entourage/10.1.4.030702.0
Date: Mon, 19 Apr 2004 14:16:46 -0700
Subject: Phone message
From: Rick Delker <[EMAIL PROTECTED]>
To: Richard Katz <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-RBL-Warning: INTRUDERS: This E-mail came from 208.37.231.210, a potential spam source listed in INTRUDERS. [2-14-7000]
X-Declude-Sender: [EMAIL PROTECTED] [208.37.231.210]
X-Declude-Spoolname: D40a00c7f0140a17c.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: INTRUDERS, HELOISIP [4]
X-Note: This E-mail was sent from w210.z208037231.nyc-ny.dsl.cnc.net ([208.37.231.210]).
X-Note: Total Weight for this email is [4]
David Dresler Choicenet Internet Network Administrations 509.252.3939
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
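The two exclusions suggested in the reply above, applied to the HELO from the quoted Received header, as an added example that is not part of the thread and is not Declude's implementation. The function names are hypothetical, the "reserved" space is approximated with Python's ipaddress special-purpose flags rather than the list Matt used, and only IPv4 is handled.

```python
import ipaddress
import re

# Constructed from the Received header quoted in the thread; the layout
# "from <HELO> [<connecting IP>] by ..." is taken from that one sample.
SAMPLE_RECEIVED = ("from [10.0.0.11] [208.37.231.210] by ilfmedia.com "
                   "with ESMTP (SMTPD32-7.07) id A0A0C7F0140")

RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\[(?P<peer>[0-9.]+)\]\s+by\s")


def parse_received(value):
    """Return (helo, connecting_ip), or None if the layout differs."""
    m = RECEIVED_RE.match(value.strip())
    return (m.group("helo"), m.group("peer")) if m else None


def classify_helo(helo):
    """Classify a HELO argument as 'not-ip', 'address-literal',
    'special-ip' or 'bare-ip'."""
    bracketed = helo.startswith("[") and helo.endswith("]")
    text = helo[1:-1] if bracketed else helo
    try:
        ip = ipaddress.IPv4Address(text)
    except ValueError:
        return "not-ip"              # a hostname, or garbage in brackets
    if bracketed:
        return "address-literal"     # first exclusion: IP in brackets
    # Second exclusion (assumption: stdlib flags stand in for the
    # reserved space that was dropped from the filters).
    if ip.is_private or ip.is_reserved or ip.is_loopback or ip.is_link_local:
        return "special-ip"
    return "bare-ip"


def heloisip_should_fire(helo):
    """With both exclusions, only a bare public IP counts as a hit."""
    return classify_helo(helo) == "bare-ip"


if __name__ == "__main__":
    helo, peer = parse_received(SAMPLE_RECEIVED)
    print(helo, peer, classify_helo(helo), heloisip_should_fire(helo))
```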
