spamassassin-users December 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Am i sending spam?

Re: Am i sending spam?

From: Larry Rosenman <ler_at_nospam>
Date: Fri Dec 23 2011 - 22:37:27 GMT
To: users@spamassassin.apache.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/23/2011 4:23 PM, David F. Skoll wrote:
> On Fri, 23 Dec 2011 23:13:43 +0100 "Lars Ebeling"
> <lars.ebeling@leopg9.no-ip.org> wrote:
>
>>> We automatically block mail from anyone who HELOs as our
>>> machine (unless it really *is* from our machine, of course!)
>
>> how do you do that?
>
> We use MIMEDefang which lets you code tests like that in Perl. (So
> this is done outside of SpamAssassin, but you may be able to hack a
> SpamAssassin rule to do it too.)
>
> Regards,
>
> David.
In Exim, I do the following:
  # kill off the folks that use OUR ip's in HELO Nice and Early.
  drop message = Forged IP detected in HELO: $sender_helo_name
         hosts = !+relay_from_hosts
         !authenticated = *
         condition = ${if \
                eq{$sender_helo_name}{$interface_address}{yes}{no}}
  # Forged hostname - HELOs as my own hostname or domain (early as well)
  drop message = Forged hostname detected in HELO:
$sender_helo_name
         hosts = !+relay_from_hosts
         !authenticated = *
         condition = ${lookup {$sender_helo_name} \

lsearch{/usr/local/etc/exim/checkfiles/our_host_names}{yes}{no}}

- --
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 512-248-2683 E-Mail: ler@lerctr.org
US Mail: 430 Valona Loop, Round Rock, TX 78681-3893
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJO9QKnAAoJENC8dtAvA1zmv9EIAKReeH0gP6j2oOojXIJ9fMjJ
y32vFdjm8wvzBFxdHIHsqZ88yV//LDEUqq1JPWeFbz0XvXirRAmgJXuF8JAwWIiP
WqttoEsm9ljreZFOTrkH6Ak8DwR0Jx8fBSMIWVU9dcUOLAV2pxnATWAcuoLAIJ5N
dtM4SEiKlypcAEh46D5ih7d4iztMGCDIZLKxSokiUNfRIDU2COVLBdajYUQn2vd6
cmuY2Mr8UlDVETnZZVwJnFGfjsIsWSUsLvV/LFop/Dpq++nlZNxWxaX7QVj+ZoY2
vsQtgj0w7jdfmEpcTVuTv+sFNSo/VjpwhXB0Y0PM1NLiP5w49J0RN8CwpakhBVg=
=WSY8
-----END PGP SIGNATURE-----