On 11/21/07 3:29 AM, "Marcin Krol" <[EMAIL PROTECTED]> wrote:
> 1. Get revdns name for incoming IP.
>
> 2. Extract domain from envelope-from address. Remove leftmost subdomain
> (radca.lex.pl -> lex.pl) (this is done for sake of large email providers
> who send mail from hosts that are not their MXes, smth like
> smtp43.someprovider.com for outgoing mail and smtp.someprovider.com for
> incoming mail)
>
> 3. If string 2 doesn't contain string 1 (revdns name), the domain is
> faked and this could be used for things like increasing SA score or
> doing fakereject in Exim.
>
> Could this work? Pros? Cons?

If it were that easy, the game would have been over a dozen years ago.

Mail from [EMAIL PROTECTED] and [EMAIL PROTECTED] comes (legitimately) from
servers named ...hotmail.com. Many other examples. Large exception list.
Constantly changing. Forwarding (without SRS).

--John

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
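
The exchange above, as an added example that is not part of the original thread: the three proposed steps run offline over constructed samples, showing which legitimate cases from the reply get flagged. Assumptions: step 3 is read as "the rDNS name does not fall under the reduced sender domain", the leftmost label is dropped only when more than two labels are present, and all hostnames, addresses and function names are made up for illustration.

```python
from typing import Optional

# Added example: the proposed rDNS-vs-envelope-sender heuristic, run offline.
# Every hostname and address below is a constructed sample.


def reduced_sender_domain(envelope_from: str) -> str:
    """Step 2: domain of the envelope sender, leftmost label dropped.

    Assumption: the label is dropped only when more than two labels are
    present, so lex.example is not reduced to example. There is no
    public-suffix handling (co.uk and similar would be reduced wrongly).
    """
    domain = envelope_from.rsplit("@", 1)[-1].lower().rstrip(".")
    labels = domain.split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else domain


def looks_faked(rdns_name: Optional[str], envelope_from: str) -> bool:
    """Step 3, read as: flag when the rDNS name is not under the reduced domain."""
    if not rdns_name:  # no PTR record at all: treated as a mismatch here
        return True
    host = rdns_name.lower().rstrip(".")
    domain = reduced_sender_domain(envelope_from)
    return not (host == domain or host.endswith("." + domain))


# (description, rDNS of connecting host, envelope-from, actually legitimate?)
SAMPLES = [
    ("provider outbound host", "smtp43.someprovider.example", "bob@someprovider.example", True),
    ("subdomain sender", "mail.lex.example", "anna@radca.lex.example", True),
    ("domain hosted at a large provider", "out7.bigwebmail.example", "carol@customer.example", True),
    ("forwarded without SRS", "mx.university.example", "dave@someprovider.example", True),
    ("forged sender", "dsl-1-2-3.isp.example", "billing@someprovider.example", False),
]


def evaluate(samples=SAMPLES):
    """Return (description, flagged, false_positive) for each sample."""
    return [(d, looks_faked(r, f), looks_faked(r, f) and legit)
            for d, r, f, legit in samples]


if __name__ == "__main__":
    for desc, flagged, fp in evaluate():
        print(f"{desc:36} flagged={flagged!s:5} false_positive={fp}")
```

The hosted-domain and forwarding rows are flagged exactly like the forged one, which is why a check of this kind fits better as a small score contribution than as a reject condition.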
