On Sat, Feb 23, 2008 at 10:49:08AM +0000, W B Hacker wrote: > Russell King wrote: > > Has anyone generated a regexp to detect this bank-based stuff, such as: > > > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > > > etc? > > > > I'm currently using: > > > > ^(?:auto|c(?:are|lient(?:care)?|ustomer)?|generated|(?:gen|e)?mail(?:system)?|mailings|message|post|service|system|tech)[-._]?(?:re)?(?:center|id|mail|message|notify|post|reminder|robot|serv(?:er|ice)|support|team).*@(?:citi(?:bank)?|hsbc|if|natwest)\.co(?:m|\.uk) > > > > which detects quite a bit, but is less than perfect. > > > > We haven't seen much of that. > > Hard to scan what we don't even accept.. > > Are you checking for valid rDNS, PTR RR, proper FQDN in HELO, not in > dynamic-IP RBL's, not trying to pipeline when it should not, valid > addressee on your server, not forged, proper format, encoding, mime > usage ... and so on....?
Most of that - but I'm trying to detect these earlier than the DATA phase so I can avoid some of the more expensive checks. I'm seeing about 800 attempts per day at present. -- Russell King -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
