
Re: Spam mail question



On Mon, Jun 03, 2002 at 02:34:01PM +0000, Paulo Henrique Baptista de Oliveira wrote:
| 
| Hi all,
| How to reject mail with from like this: "<>" at a Debian GNU/Linux
| box and Exim?

What do you mean by "from"?  There are two meanings of it:
    1)  the envelope
            This is specified in the
                MAIL FROM:
            command during the SMTP session
    2)  the message itself
            This is specified by the
                From:
            header inside the message

Email, just like snail mail, has envelopes that can (and many times
(legitimately) do) differ from the letter inside the envelope.

If the envelope is <>, then either rejecting or blackholing the message
will get you in dsn.rfc-ignorant.org.  There are a few MS worms/virii
that abuse the RFCs by setting the envelope sender to <>, and those
can be identified by other characteristics and blackholed separately.
If you're aware of such messages, try discussing it on the
spamassassin lists so that it can be properly identified and trashed.

If the message itself has "From: <>" that's a different story, and
shouldn't occur.  Again, though, see if a discussion on sa-talk can't
yield some rules for tagging (and trashing) the junk.  


One feature of exim that I really like is (version 3.x config) :
    headers_check_syntax = true 

If a message has syntactically incorrect headers it will be rejected.
For example (from my rejectlog) :

    2002-06-05 11:36:26 17Fdlp-0007lt-00
            H=pony-express.cs.rit.edu [129.21.30.24]
            F=<TermQuotesLife@eudoramail.com>
        rejected after DATA: "@" or "." expected after "Not":
        failing address in "To" header is: <Not Insured>

Obviously a spam message (routed through my school address).

-D

-- 

Windows, hmmm, does it come with a GUI interface that works or just
pretty blue screens?
 
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
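
The envelope/header distinction drawn in this reply, as an added example that is not part of the original post and is not Exim's code: it reads the envelope sender from the `MAIL FROM:` command, checks the address headers inside the message separately, and rejects only on bad header syntax, never on a null envelope sender alone. The function names, the simplified address test and the sample sessions are assumptions made for illustration.

```python
import re
from email import message_from_string

# Simplified addr-spec test (local@domain, no spaces); an assumption for this
# example, far looser than Exim's real RFC 822 header parser.
ADDR_SPEC = re.compile(r"^[^@\s<>]+@[^@\s<>]+$")

def envelope_sender(mail_from_cmd):
    """Return the reverse-path from an SMTP 'MAIL FROM:<...>' command ('' = null sender)."""
    m = re.match(r"MAIL FROM:\s*<([^>]*)>", mail_from_cmd.strip(), re.I)
    if m is None:
        raise ValueError("not a MAIL FROM command: %r" % mail_from_cmd)
    return m.group(1)

def bad_header_addresses(raw_message):
    """Return (header, address) pairs that fail the simplified syntax test."""
    msg = message_from_string(raw_message)
    bad = []
    for name in ("From", "To", "Cc"):
        for value in msg.get_all(name, []):
            for part in value.split(","):      # simplification: no quoted commas
                m = re.search(r"<([^>]*)>", part)
                addr = (m.group(1) if m else part).strip()
                if not ADDR_SPEC.match(addr):
                    bad.append((name, addr))
    return bad

def decide(mail_from_cmd, raw_message):
    """Decide on header syntax only; a null envelope sender alone never rejects."""
    bad = bad_header_addresses(raw_message)
    return {
        "null_envelope": envelope_sender(mail_from_cmd) == "",
        "bad_headers": bad,
        "verdict": "reject" if bad else "accept",
    }

# Constructed sample sessions (not taken from the post's logs).
BOUNCE = ("MAIL FROM:<>",
          "From: Mail Delivery System <mailer-daemon@mx.example.org>\n"
          "To: alice@example.org\nSubject: Delivery failed\n\nbody\n")
EMPTY_FROM = ("MAIL FROM:<someone@example.com>",
              "From: <>\nTo: alice@example.org\nSubject: hi\n\nbody\n")
BAD_TO = ("MAIL FROM:<someone@example.com>",
          "From: someone@example.com\nTo: <Not Insured>\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for label, (cmd, msg) in [("bounce", BOUNCE), ("empty From:", EMPTY_FROM),
                              ("bad To:", BAD_TO)]:
        print(label, decide(cmd, msg))
```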
