[email protected] wrote: > P.S. I wrote: > >> For a couple months some spam > > with fake Received > >> penetrated greylisting (I think that only one >> Russian botnet uses same $sender_address in all instances of same spam >> necessary for penetrating greylisting), but if I'm not mistaken, >> for last couple weeks that botnet switched to no fake Received line at all. > > but with other recognizable signs in the header. I'm testing > a new complex set of conditions. >
But if it is a botnet, would it not fail: - forward/reverse lookup test? - AND the HELO <=> FQDN match test? ?? If you don't mind onpassing a few samples, I'll be happy to see if they've been 'seen' here, and if so, which of our rules they escaped... or were caught with. Best, Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
