spam addrs
David Relson
relson at osagesoftware.com
Tue Jun 15 14:25:31 CEST 2004
On 15 Jun 2004 08:10:55 -0400
Tom Anderson wrote:
> On Mon, 2004-06-14 at 19:36, David Relson wrote:
> > Received: (qmail 937 invoked from network); 2 Feb 2004 19:21:52
> > -0000 Received: from unknown (HELO localhost) (127.0.0.1)
> > by localhost with SMTP; 2 Feb 2004 19:21:52 -0000
> > Received: from natmout00.rzone.de (natmout00.rzone.de
> > [81.169.145.163])
> > by mail.nn7.de (8.12.10/8.12.10) with ESMTP id i12JLAWl009417
> > for <bugreports at nn7.de>; Mon, 2 Feb 2004 20:21:10 +0100 (MET)
> >
> > The third version excludes "but not 127.0.0.1".
>
> What do you mean by that last statement... do you mean it excludes
> 127.0.0.1 from being entered in the log? If you're going to do that,
> you should exclude other local and reserved addresses as well.
Typo. Should have been:
The third version excludes "127.0.0.1".
...[snip]...
Tom,
Bogofilter has many optional features. I doubt that anyone uses them
all. Additionally there are frameworks included, such as support of
different charsets, that are awaiting users to be completed.
I've provided another capability that is of interest/value to some
users. Most users will not use it. If, in actual use, it doesn't fit
the need of a particular site, then the sysadmin can change the code.
I'm not going to translate perl regex's to C :-)
> If you've found a valid IP within a received line's "from" portion
> that matches a known pattern, which is not local and not reserved and
> it is outside of the receiving server's class B network, then you can
> be relatively certain that it is either a spammer, a spammer's
> immediate network, or an open relay.
True thoroughness wouldn't assume a class B network. It would use the
netmask. IP addresses just above/below the server's address block
_could_ belong to a spammer, a spammer's network, or an open relay.
Regards,
David
More information about the Bogofilter
mailing list