Date: Mon, 27 Mar 2000 17:04:13 -0800 From: Gregory Sutter <gsutter@zer0.org> To: Ollivier Robert <roberto@keltia.freenix.fr> Cc: chat@FreeBSD.ORG Subject: Re: Spam e-mail headers Message-ID: <20000327170413.A77447@azazel.zer0.org> In-Reply-To: <20000327210018.A59456@keltia.freenix.fr>; from roberto@keltia.freenix.fr on Mon, Mar 27, 2000 at 09:00:18PM %2B0200 References: <000801bf9735$f19e2f80$40390918@vncvr1.wa.home.com> <20000326192941.A49403@keltia.freenix.fr> <20000326205854.B56803@azazel.zer0.org> <20000327210018.A59456@keltia.freenix.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2000-03-27 21:00 +0200, Ollivier Robert <roberto@keltia.freenix.fr> wrote: > According to Gregory Sutter: > > > > Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by > > > > earthlink.net (8.8.5/8.6.5) with SMTP id GAA01093 for > > > > <blind@secondsight.org>; Sun, 26 Mar 2000 00:58:57 -0600 (EST) > > > Is there a way to determine this with certainty? What is the > > signature to look for? I'd like to add it to my spam filters. > > With certainty no. One of the reasons the Received: line above is typical of > many spamware is that IIRC this combination of sendmail / sendmail.cf is not > possible (incompatibilities) and I even think 8.6.5 was never released... Hmmm, if it's not possible, then that would be a pretty accurate thing to filter on... :) > Some spamware even put a X-mumble: line with their signature in it (the more > fool they are) making filtering easy. Yes, unfortunately, most spammers got smarter than that a couple of years ago. Now filtering has to be done on body contents as well as headers to get a decent match rate. > I can send you my regex filter for Postfix if you want. Sure, I'd like to see it. You can take a look at my procmail filters as well; they're at http://junkfilter.zer0.org/. Greg -- Gregory S. Sutter "How do I read this file?" mailto:gsutter@zer0.org "You uudecode it." http://www.zer0.org/~gsutter/ "I I I decode it?" PGP DSS public key 0x40AE3052 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000327170413.A77447>