On Sat, Mar 31, 2001 at 11:11:08PM -0800, Karsten M. Self wrote:
<snip>
> > However, this fails to catch a lot of spam, because apparently it only
> > checks first hop taken by the mail message. Most spammers these days
> > aren't using such a simple scheme. Consider the following spam headers:
<snip>
> My understanding is that the spam block only works if the direct
> connection is coming from an RBL/ORBS listed IP. In which case, exim
> drops or refuses the connection.

Yup. Unfortunately this was really not very effective. It failed to catch at least 75% of spam to my system, even if it was delivered through an open relay at some point.

I ended up implementing a perl filter for procmail. It scans the headers of an incoming message for IP addresses and does an rblcheck on them. A new header is inserted in messages that fail the rblcheck. Thus far, it's done a great job. It's a bit more aggressive than the standard exim filters, so it occasionally catches stuff that's not spam, but those cases are becoming more and more infrequent as I tweak the script.

At some point I will try using this filter in a global procmailrc (using procmail as the local MDA), but I am trying it on my own account first.

If anybody wants the script and procmail recipe, lemme know.

noah

--
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
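
The header scan described in the message above, as an added Python example; it is not the Perl script the poster mentions, which does not appear on this page. The zone `dnsbl.example`, the `X-RBL-Warning` header name and the sample message are constructed, and the resolver is passed in so the logic can be run without DNS.

```python
import email
import ipaddress
import re
import socket

IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
# Loopback and RFC 1918 hops say nothing about the relay path; skip them.
SKIP = [ipaddress.ip_network(n) for n in
        ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the connecting host is clean, an earlier relay is listed.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mail.example.net with esmtp; Sat, 31 Mar 2001 23:00:00 -0800
Received: from unknown (HELO relay) (203.0.113.25)
\tby mx.example.org with SMTP; Sat, 31 Mar 2001 22:59:00 -0800
Received: from localhost (127.0.0.1) by relay; Sat, 31 Mar 2001 22:58:00 -0800
From: sender@example.com

body
"""

def relay_ips(msg):
    """Unique routable IPv4 addresses from all Received headers, top first."""
    found = []
    for hop in msg.get_all("Received", []):
        for text in IPV4_RE.findall(hop):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # not a valid dotted quad, e.g. 999.1.1.1
            if text not in found and not any(ip in net for net in SKIP):
                found.append(text)
    return found

def dnsbl_name(ip, zone):  # 1.2.3.4 -> 4.3.2.1.<zone>
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except OSError:  # NXDOMAIN or lookup failure: treat as not listed
        return False

def tag_message(raw, zone, resolve=socket.gethostbyname):
    msg = email.message_from_string(raw)
    hits = [ip for ip in relay_ips(msg) if is_listed(ip, zone, resolve)]
    if hits:  # every hop is checked, not only the connecting host
        msg["X-RBL-Warning"] = "listed relay(s): " + ", ".join(hits)
    return msg.as_string()
```

Received lines below the one written by your own MTA are supplied by the sender and can be forged, so a hit is better used as a tag for later procmail rules than as grounds for silent deletion.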