info about spam messages
Tom Anderson
tanderso at oac-design.com
Mon Jun 14 13:48:55 CEST 2004
On Mon, 2004-06-14 at 07:27, Tom Allison wrote:
> This is where the postfix UCE options come into play.
> If you "turn on" the options for valid+known+fqdn headers it will knock
> out a lot of this HELO {I'm Bogus} stuff at the front door.
> Unfortunately, a lot of people run with unkown addresses:
> "Helo command rejected: Host not found"
> is a frequent entry in my logs.
Absolutely, if you are using an MTA which will do the lookup and the
reverse lookup, you should use it. However, not everybody uses
Postfix. And the IP/DN you receive an email from is not always the
originator. Therefore it is very difficult for bogofilter to be able to
say that some IP address is authoritatively the originator of the
email. The question was whether bogofilter should output an IP address
in its logs. I think this would cause confusion about what that address
represents, as it is not necessarily (or even usually?) the spammer. In
fact, if the IP parsing regex isn't perfect for all possible MTAs, it's
possible for the spammer to trick bogofilter into outputting a
completely innocent IP, even your own. Therefore, if the IP outputted
cannot be trusted, then what's the purpose in doing it?
Tom
More information about the Bogofilter
mailing list