| Main Archive Page > Month Archives > spamassassin-users archives |
Re: Am i sending spam?
From: Larry Rosenman <ler_at_nospam>Date: Fri Dec 23 2011 - 22:37:27 GMT
To: users@spamassassin.apache.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/23/2011 4:23 PM, David F. Skoll wrote:
> On Fri, 23 Dec 2011 23:13:43 +0100 "Lars Ebeling"
> <lars.ebeling@leopg9.no-ip.org> wrote:
>
>>> We automatically block mail from anyone who HELOs as our
>>> machine (unless it really *is* from our machine, of course!)
>
>> how do you do that?
>
> We use MIMEDefang which lets you code tests like that in Perl. (So
> this is done outside of SpamAssassin, but you may be able to hack a
> SpamAssassin rule to do it too.)
>
> Regards,
>
> David.
In Exim, I do the following:
# kill off the folks that use OUR ip's in HELO Nice and Early.
drop message = Forged IP detected in HELO: $sender_helo_name
hosts = !+relay_from_hosts
!authenticated = *
condition = ${if \
eq{$sender_helo_name}{$interface_address}{yes}{no}}
# Forged hostname - HELOs as my own hostname or domain (early as well)
drop message = Forged hostname detected in HELO:
$sender_helo_name
hosts = !+relay_from_hosts
!authenticated = *
condition = ${lookup {$sender_helo_name} \
lsearch{/usr/local/etc/exim/checkfiles/our_host_names}{yes}{no}}
- --
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 512-248-2683 E-Mail: ler@lerctr.org
US Mail: 430 Valona Loop, Round Rock, TX 78681-3893
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJO9QKnAAoJENC8dtAvA1zmv9EIAKReeH0gP6j2oOojXIJ9fMjJ
y32vFdjm8wvzBFxdHIHsqZ88yV//LDEUqq1JPWeFbz0XvXirRAmgJXuF8JAwWIiP
WqttoEsm9ljreZFOTrkH6Ak8DwR0Jx8fBSMIWVU9dcUOLAV2pxnATWAcuoLAIJ5N
dtM4SEiKlypcAEh46D5ih7d4iztMGCDIZLKxSokiUNfRIDU2COVLBdajYUQn2vd6
cmuY2Mr8UlDVETnZZVwJnFGfjsIsWSUsLvV/LFop/Dpq++nlZNxWxaX7QVj+ZoY2
vsQtgj0w7jdfmEpcTVuTv+sFNSo/VjpwhXB0Y0PM1NLiP5w49J0RN8CwpakhBVg=
=WSY8
-----END PGP SIGNATURE-----