On Sat, Feb 23, 2008 at 10:49:08AM +0000, W B Hacker wrote: > Russell King wrote: > > Has anyone generated a regexp to detect this bank-based stuff, such as: > > > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > Are you checking for valid rDNS, PTR RR, proper FQDN in HELO, not in > dynamic-IP RBL's, not trying to pipeline when it should not, valid > addressee on your server, not forged, proper format, encoding, mime > usage ... and so on....?
Here, most of that junk used to get rejected for exactly those sorts of reasons. If you don't already implement PTR checking etc. because you're afraid of false positives, you could always choose to only apply those sorts of checks for senders in banking domains. These days I just reject at RCPT time for all senders which seem to be banking-related (i.e. manually maintained list of banking domains), except for specific recipients which have an "allow banking senders" flag set. But of course depending on your circumstances, that option may not be open to you. -- Dave Evans http://djce.org.uk/ http://djce.org.uk/pgpkey
signature.asc
Description: Digital signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
