From owner-freebsd-chat Mon Mar 27 17: 6: 0 2000
Delivered-To: freebsd-chat@freebsd.org
Received: from azazel.zer0.org (azazel.zer0.org [209.133.53.200])
	by hub.freebsd.org (Postfix) with ESMTP id 7DCDB37BBA3
	for ; Mon, 27 Mar 2000 17:05:55 -0800 (PST)
	(envelope-from gsutter@zer0.org)
Received: (from gsutter@localhost)
	by azazel.zer0.org (8.9.3/8.9.2) id RAA77571;
	Mon, 27 Mar 2000 17:04:13 -0800 (PST)
	(envelope-from gsutter@zer0.org)
Date: Mon, 27 Mar 2000 17:04:13 -0800
From: Gregory Sutter
To: Ollivier Robert
Cc: chat@FreeBSD.ORG
Subject: Re: Spam e-mail headers
Message-ID: <20000327170413.A77447@azazel.zer0.org>
References: <000801bf9735$f19e2f80$40390918@vncvr1.wa.home.com> <20000326192941.A49403@keltia.freenix.fr> <20000326205854.B56803@azazel.zer0.org> <20000327210018.A59456@keltia.freenix.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000327210018.A59456@keltia.freenix.fr>; from roberto@keltia.freenix.fr on Mon, Mar 27, 2000 at 09:00:18PM +0200
Organization: Zer0
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2000-03-27 21:00 +0200, Ollivier Robert wrote:
> According to Gregory Sutter:
> > > > Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by
> > > > earthlink.net (8.8.5/8.6.5) with SMTP id GAA01093 for
> > > > ; Sun, 26 Mar 2000 00:58:57 -0600 (EST)
>
> > Is there a way to determine this with certainty? What is the
> > signature to look for? I'd like to add it to my spam filters.
>
> With certainty no. One of the reasons the Received: line above is typical of
> many spamware is that IIRC this combination of sendmail / sendmail.cf is not
> possible (incompatibilities) and I even think 8.6.5 was never released...

Hmmm, if it's not possible, then that would be a pretty accurate
thing to filter on... :)

> Some spamware even put a X-mumble: line with their signature in it (the more
> fool they are) making filtering easy.

Yes, unfortunately, most spammers got smarter than that a couple of
years ago. Now filtering has to be done on body contents as well
as headers to get a decent match rate.

> I can send you my regex filter for Postfix if you want.

Sure, I'd like to see it. You can take a look at my procmail filters
as well; they're at http://junkfilter.zer0.org/.

Greg
--
Gregory S. Sutter                 "How do I read this file?"
mailto:gsutter@zer0.org           "You uudecode it."
http://www.zer0.org/~gsutter/     "I I I decode it?"
PGP DSS public key 0x40AE3052

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
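
An added example, not part of the original message and not either participant's Postfix or procmail filter: a Python sketch of a header check built on the Received: line quoted in this thread. It flags the sendmail binary/sendmail.cf version pair the thread reports as a spamware tell, and, going one step beyond what the thread discusses, a numeric UTC offset that contradicts the zone abbreviation beside it (the quoted line pairs -0600 with EST, which is -0500). All function and constant names are hypothetical.

```python
import re

# Version pairs treated as tells; the one entry is the pair quoted in the thread.
BOGUS_SENDMAIL_PAIRS = {("8.8.5", "8.6.5")}

# Fixed offsets of the US standard-time abbreviations.
ZONE_OFFSETS = {"EST": "-0500", "CST": "-0600", "MST": "-0700", "PST": "-0800"}
VERSION_RE = re.compile(r"\((\d+(?:\.\d+)+)/(\d+(?:\.\d+)+)\)")
ZONE_RE = re.compile(r"([+-]\d{4})\s+\(([A-Z]{3,4})\)\s*$")


def unfold_received(raw_headers):
    """Return each Received: header as one line, joining folded continuations."""
    out, current = [], None
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and current is not None:
            current += " " + line.strip()
            continue
        if current is not None:
            out.append(current)
        current = line.strip() if line.lower().startswith("received:") else None
    if current is not None:
        out.append(current)
    return out


def received_findings(header):
    """List the reasons one unfolded Received: header looks forged."""
    findings = []
    m = VERSION_RE.search(header)
    if m and m.groups() in BOGUS_SENDMAIL_PAIRS:
        findings.append("bogus sendmail version pair %s/%s" % m.groups())
    z = ZONE_RE.search(header)
    if z and ZONE_OFFSETS.get(z.group(2), z.group(1)) != z.group(1):
        findings.append("offset %s does not match zone %s" % z.groups())
    return findings


# Sample input assembled for this example from header lines shown on this page.
SAMPLE = """Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by
\tearthlink.net (8.8.5/8.6.5) with SMTP id GAA01093 for
\t; Sun, 26 Mar 2000 00:58:57 -0600 (EST)
Received: (from gsutter@localhost) by azazel.zer0.org (8.9.3/8.9.2)
\tid RAA77571; Mon, 27 Mar 2000 17:04:13 -0800 (PST)
Subject: Re: Spam e-mail headers
"""

if __name__ == "__main__":
    for hdr in unfold_received(SAMPLE):
        print(received_findings(hdr) or "ok", "<-", hdr[:60])
```

Zone abbreviations not listed in `ZONE_OFFSETS` are ignored rather than flagged, so the offset check only fires on a known contradiction.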