>Was grepping logs and noticed a pattern, I'm sure youve seen it.
>
>the usage of certain sender@ names that are common from spammer
>
>these could almost be part of a 'standard config'
>
>#Frequently Used sender addresses:
>#
>debsfunpages@ 554 ACL from_senders
>optin@ 554 ACL from_senders
>opt-in@ 554 ACL from_senders
>do-not-reply@ 554 ACL from_senders
>offers@ 554 ACL from_senders
>
>Anyone got any other suggestions, I can deploy?

I don't think is a good idea.  esp something as innocuous and general as 
offers@.   The local part needs to be fairly specific to avoid false 
positives.  the domain part can be less specific.


>Len, do you think any are so blatant and routine they could get rolled into
>a map and
>part of the 'standard config?'

no

I do think we can compile a from_senders_incorrible.map from all the 
@sender.domain.  I know my  advanced config has a from_senders.regexp that 
across many of my IMgate clients.

Len


Reply via email to