Hello everyone, Recently I received this spam:
X-Spam-Status: No, score=3.0 required=5.0 tests=AWL,BAYES_00,HTML_MESSAGE, HTML_OBFUSCATE_20_30,MIME_HTML_ONLY,OBFUSCATING_COMMENT,UNPARSEABLE_RELAY autolearn=no version=3.2.0 Received: from oldieszuhause.de ([212.227.100.209]:60637) by da2.domeny.com with esmtp (Exim 4.67) (envelope-from <[EMAIL PROTECTED]>) Obviously, envelope-from address is faked. This got me thinking - suppose we used following algorithm: 1. Get revdns name for incoming IP. 2. Extract domain from envelope-from address. Remove leftmost subdomain (radca.lex.pl -> lex.pl) (this is done for sake of large email providers who send mail from hosts that are not their MXes, smth like smtp43.someprovider.com for outgoing mail and smtp.someprovider.com for incoming mail) 3. If string 2 doesn't contain string 1 (revdns name), the domain is faked and this could be used for things like increasing SA score or doing fakereject in Exim. Could this work? Pros? Cons? -- Marcin Krol -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
