On 22/07/06 21:37, Jakob Hirsch wrote: > Quoting Simon Arlott: > >> Someone might find this useful, it tracks the most recent unique HELO >> names used per IP and the times they were last used - spam zombies >> become very obvious with this information. > > Nice idea. I didn't look at the code, but at first glance I'd say the > same could already be done with Exim's builtin functions and some > database backend (e.g. sqlite as a simple one). > >
It could, but then you'd miss the completely bogus HELO names that fail syntactic checks: 2006-07-07 02:58:45 rejected HELO from [221.202.166.166]:4560: syntactically invalid argument(s): \274\315\327\334 2006-07-07 02:58:48 H=(1aek.viyeyef1.ameritech.net) [221.202.166.166]:4694 F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: dnslist xbl.spamhaus.org/221.202.166.166 -- Simon Arlott
signature.asc
Description: OpenPGP digital signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
