Date:      Mon, 27 Mar 2000 17:04:13 -0800
From:      Gregory Sutter <gsutter@zer0.org>
To:        Ollivier Robert <roberto@keltia.freenix.fr>
Cc:        chat@FreeBSD.ORG
Subject:   Re: Spam e-mail headers
Message-ID:  <20000327170413.A77447@azazel.zer0.org>
In-Reply-To: <20000327210018.A59456@keltia.freenix.fr>; from roberto@keltia.freenix.fr on Mon, Mar 27, 2000 at 09:00:18PM +0200
References:  <000801bf9735$f19e2f80$40390918@vncvr1.wa.home.com> <20000326192941.A49403@keltia.freenix.fr> <20000326205854.B56803@azazel.zer0.org> <20000327210018.A59456@keltia.freenix.fr>

On 2000-03-27 21:00 +0200, Ollivier Robert <roberto@keltia.freenix.fr> wrote:
> According to Gregory Sutter:
> > > > Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by
> > > > earthlink.net (8.8.5/8.6.5) with SMTP id GAA01093 for
> > > > <blind@secondsight.org>; Sun, 26 Mar 2000 00:58:57 -0600 (EST)
> 
> > Is there a way to determine this with certainty?  What is the
> > signature to look for?  I'd like to add it to my spam filters. 
> 
> With certainty no. One of the reasons the Received: line above is typical of
> many spamware is that IIRC this combination of sendmail / sendmail.cf is not
> possible (incompatibilities) and I even think 8.6.5 was never released...

Hmmm, if it's not possible, then that would be a pretty accurate thing
to filter on... :)
 
> Some spamware even put a X-mumble: line with their signature in it (the more
> fool they are) making filtering easy.

Yes, unfortunately, most spammers got smarter than that a couple of
years ago.  Now filtering has to be done on body contents as well as
headers to get a decent match rate.

> I can send you my regex filter for Postfix if you want.

Sure, I'd like to see it.  You can take a look at my procmail filters
as well; they're at http://junkfilter.zer0.org/.  

Greg
-- 
Gregory S. Sutter                       "How do I read this file?"
mailto:gsutter@zer0.org                 "You uudecode it."
http://www.zer0.org/~gsutter/           "I I I decode it?"
PGP DSS public key 0x40AE3052
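
The header check discussed in this thread, as an added example that is not part of the original message or of either poster's filters: it unfolds each Received: header, extracts the sendmail "(binary/config)" version pair, and reports hops whose pair is on a denylist. The function names and the second sample hop are constructed, and the denylist holds only the pair quoted above, which the thread itself calls a typical signature rather than a certain one.

```python
import re
from email import message_from_string

# Assumption: only the pair quoted in the thread is listed; extend as needed.
FORGED_VERSION_PAIRS = {("8.8.5", "8.6.5")}

# sendmail stamps "by <host> (<binary version>/<config version>)" on each hop.
VERSION_PAIR = re.compile(
    r"\bby\s+\S+\s+\((\d+(?:\.\d+)+[^/\s)]*)/(\d+(?:\.\d+)+[^/\s)]*)\)"
)

def received_version_pairs(raw_message):
    """Return the (binary, config) version pair of every Received: hop that has one."""
    msg = message_from_string(raw_message)
    pairs = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # collapse folded continuation lines
        match = VERSION_PAIR.search(unfolded)
        if match:
            pairs.append((match.group(1), match.group(2)))
    return pairs

def suspicious_hops(raw_message):
    """Return only the version pairs that appear on the denylist."""
    return [p for p in received_version_pairs(raw_message) if p in FORGED_VERSION_PAIRS]

# Constructed sample: the first hop is made up, the second is the header
# quoted in the thread.
SAMPLE = """\
Received: from mx.example.org (192.0.2.10) by
 mail.example.net (8.9.3/8.9.3) with ESMTP id AAA00001 for
 <user@example.net>; Sun, 26 Mar 2000 01:00:02 -0600
Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by
 earthlink.net (8.8.5/8.6.5) with SMTP id GAA01093 for
 <blind@secondsight.org>; Sun, 26 Mar 2000 00:58:57 -0600 (EST)
Subject: constructed test message

body
"""

if __name__ == "__main__":
    for binary, config in suspicious_hops(SAMPLE):
        print(f"denylisted sendmail version pair: {binary}/{config}")
```

A match is best used as one scoring signal alongside body checks, since the thread notes that header signatures alone no longer give a decent match rate.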

