On 8/26/2007 11:36 PM, John D. Hardin wrote:
On Sun, 26 Aug 2007, Nikolay Shopik wrote:
Just parse the Received headers in the message attached to the backscatter.
You can easily see that this message was not sent by your server and
you can reject such backscatter, because you never sent such
messages.
Not true any longer. The joe job I've been suffering from the last
month has forged Received: headers that make the spam appear to have
been sent from my MX to the bot that actually originated it. After
all, how hard is it to look up the MX for the domain you're forging as
the sender?
If you want to filter you'd need to keep a history of all the
Message-ID values your MTA had processed and compare to that.
Yeah, Message-ID works too. Look up the IP address in the Received
header as well.
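
The Message-ID history check discussed in this thread, as an added example that is not part of the original messages. It assumes the bounce is a MIME delivery status notification that returns the original message or its headers; `SENT_IDS`, the function names and the sample bounce are hypothetical and constructed for illustration.

```python
import email
from email import policy

# Hypothetical history of Message-IDs our MTA issued (in practice, a DB fed from MTA logs).
SENT_IDS = {"<20070826.1234@mail.example.org>"}

def embedded_message_ids(bounce_bytes):
    """Message-IDs of the original message(s) returned inside a MIME bounce."""
    msg = email.message_from_bytes(bounce_bytes, policy=policy.default)
    ids = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original attached
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":     # headers-only return
            inner = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        if inner["Message-ID"]:
            ids.append(str(inner["Message-ID"]).strip())
    return ids

def classify(bounce_bytes, sent_ids):
    """'ours' if we issued the bounced message, 'backscatter' if not, 'unknown' if no ID found."""
    ids = embedded_message_ids(bounce_bytes)
    if not ids:
        return "unknown"
    return "ours" if any(i in sent_ids for i in ids) else "backscatter"

def make_bounce(orig_id):
    """Constructed sample DSN; the Received line is forged to name our MX."""
    return (
        "From: MAILER-DAEMON@remote.example\n"
        "Message-ID: <dsn-1@remote.example>\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; remote.example\n\n"
        "Final-Recipient: rfc822; nobody@remote.example\nAction: failed\nStatus: 5.1.1\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        "Received: from mx.example.org ([192.0.2.10]) by bot.example\n"
        f"Message-ID: {orig_id}\n"
        "From: user@example.org\nSubject: hi\n\nbody\n"
        "--b1--\n"
    ).encode("ascii")

if __name__ == "__main__":
    print(classify(make_bounce("<20070826.1234@mail.example.org>"), SENT_IDS))
    print(classify(make_bounce("<forged-99@bot.example>"), SENT_IDS))
```

Both sample bounces carry the same forged Received line naming the local MX, so only the Message-ID lookup tells them apart.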