Wednesday, April 20, 2005, 12:14:14 AM, you wrote:

> So make a requirement that the received line also contains a "by" for
> your server name.

> It looks something like this:

> header DOMAIN_PL    Received =~ /from .{1,50}\.pl.{1,100} by servername\.doraco\.com\.pl/
      
> Yes, it's still forgeable, but harder to forge.  You can also refine the
> regex to look for other specifics of your server to make it harder to
> spoof. Look for the name and version of your MTA, etc.

>> And I still don't know
>> how to write a rule matching the lack of revDNS.
>>
> You'd have to post examples of headers that mailserver generates for
> this, but generally you want to look for a from clause immediately
> followed by an IP, without a host name in between.

> Something like this regex:

> /from \(\[\d.{1,100} by fire\.doraco\.com\.pl/


Thank you for your response, it was very helpful for me.
However, I finally decided to add an additional header like
X-Received on my MTA for all scanned mail. I think it should be simpler and more
reliable.
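
The two quoted rules run against constructed Received headers, as an added example that is not part of the original messages. It assumes the no-rDNS format `from ([IP])` implied by the quoted regex, uses fire.doraco.com.pl as the receiving host in both patterns, and (an added refinement, with hypothetical function names) evaluates only the topmost hop stamped by that host, so a sender-supplied line naming the server is ignored.

```python
import re
from email import message_from_string

SERVER = "fire.doraco.com.pl"  # receiving MTA name used in the thread
BY = r" by " + re.escape(SERVER) + r"\b"

# The two patterns quoted in the thread, with the host name escaped.
DOMAIN_PL = re.compile(r"from .{1,50}\.pl.{1,100}" + BY)
NO_RDNS = re.compile(r"from \(\[\d.{1,100}" + BY)

def all_hops(raw_message):
    """Unfolded Received headers, newest (topmost) first."""
    values = message_from_string(raw_message).get_all("Received", [])
    return [re.sub(r"\s*\r?\n\s+", " ", v) for v in values]

def own_hop(raw_message):
    """Topmost Received header stamped by SERVER, or None.
    Assumption: each MTA prepends its header, so lower lines naming
    SERVER arrived with the message and are not trusted."""
    return next((h for h in all_hops(raw_message) if re.search(BY, h)), None)

def classify(raw_message):
    """Evaluate both rules against our own hop only."""
    hop = own_hop(raw_message) or ""
    return {"DOMAIN_PL": bool(DOMAIN_PL.search(hop)),
            "NO_RDNS": bool(NO_RDNS.search(hop))}

# Constructed sample: the connecting host has no reverse DNS, and the lower
# Received line was supplied by the sender and falsely names our server.
NO_PTR_MAIL = (
    "Received: from ([203.0.113.7])\n"
    "\tby fire.doraco.com.pl with SMTP; Wed, 20 Apr 2005 00:01:02 +0200\n"
    "Received: from mx.example.pl (mx.example.pl [192.0.2.1])\n"
    "\tby fire.doraco.com.pl with ESMTP; Tue, 19 Apr 2005 23:59:00 +0200\n"
    "Subject: constructed sample\n\nbody\n"
)
# Constructed sample: a .pl host with reverse DNS, received by our server.
PL_MAIL = (
    "Received: from mx.example.pl (mx.example.pl [198.51.100.9])\n"
    "\tby fire.doraco.com.pl with ESMTP; Wed, 20 Apr 2005 00:03:04 +0200\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for name, msg in (("NO_PTR_MAIL", NO_PTR_MAIL), ("PL_MAIL", PL_MAIL)):
        print(name, classify(msg))
```

The Received format your MTA writes for hosts without reverse DNS may differ from the constructed one, so check the patterns against real headers from your own server before relying on them.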
