Learning Backscatter
Tom Anderson
tanderson at orderamidchaos.com
Fri Jan 30 22:55:07 CET 2009
.rp wrote:
> I know I am repeating myself, but anyway ...
> One of the users (actually the boss) had the email address harvested and we got clobbered
> by backscatter. Looking at the emails of the various 'unable to deliver' type messages, I saw
> what these could be filtered on, but don't know how to write up and implement the rule
> outside of procmail. I don't want to use procmail for this since I think it would be an
> expensive routine for procmail to run.
>
> In the body of the 'unable to deliver' message, the original message is quoted. One of the
> lines quoted is the Message-ID: header from the original. The format of this line is always
> wrong as it does not contain the FQDN that our server appends to the end of the hash
> number, following the '@' symbol.
>
> So, need a rule that would parse the "Message-ID:" in the body (or attachment) and not
> header, and look for the @FQDN
Great observation. This sounds like something I could implement into my
Stripsearch program, which already does some email body parsing, but
it'll take quite a bit of time and testing. I'll let you know when I
get around to trying it.
Tom
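
The check described in the quoted message, sketched as an added example (not code from this post, Stripsearch or Bogofilter): collect the Message-ID lines quoted in a bounce's body or attachments, ignoring the bounce's own header, and compare the part after '@' with the server's FQDN. The FQDN `mail.example.com`, the function names and the sample bounce are assumptions constructed for illustration.

```python
import email
import re
from email import policy

OUR_FQDN = "mail.example.com"  # assumption: the FQDN our server appends after '@'
# A quoted header line, optionally prefixed with '>' reply markers.
MSGID_RE = re.compile(r"^[>\s]*Message-ID:\s*<?([^<>\s]+)>?", re.I | re.M)

def quoted_message_ids(raw):
    """Message-IDs quoted in the body or attachments, never the bounce's own header."""
    root = email.message_from_string(raw, policy=policy.default)
    found = []
    for part in root.walk():
        # Headers of an attached original (message/rfc822); the root is skipped.
        if part is not root and part["Message-ID"]:
            found.append(str(part["Message-ID"]).strip("<> "))
        # Original quoted inline, or a text/rfc822-headers part.
        if part.get_content_maintype() == "text":
            found += MSGID_RE.findall(part.get_content())
    return found

def classify(raw, fqdn=OUR_FQDN):
    """'genuine' if a quoted Message-ID ends in @fqdn, 'backscatter' if none does."""
    ids = quoted_message_ids(raw)
    if not ids:
        return "unknown"  # nothing quoted: leave the decision to other filters
    ours = any(i.rpartition("@")[2].lower() == fqdn.lower() for i in ids)
    return "genuine" if ours else "backscatter"

def sample_bounce(msgid):
    """Constructed bounce that quotes the original's headers inline."""
    return (
        "From: MAILER-DAEMON@remote.example\n"
        "Message-ID: <bounce-1@remote.example>\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "\n"
        "Unable to deliver your message. Original headers follow:\n"
        "\n"
        "From: boss@example.com\n"
        f"Message-ID: <{msgid}>\n"
        "Subject: hello\n"
    )

if __name__ == "__main__":
    print(classify(sample_bounce("4983A1F2.5060@forged.invalid")))    # backscatter
    print(classify(sample_bounce("4983A1F2.5060@mail.example.com")))  # genuine
```

A bounce with no quoted Message-ID returns "unknown", so this check can only add evidence for messages that quote the original.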