Learning Backscatter

Tom Anderson tanderson at orderamidchaos.com
Fri Jan 30 22:55:07 CET 2009


.rp wrote:
> I know I am repeating myself, but anyway ...
>  One of the users (actually the boss) had the email address harvested and we got clobbered 
>  by backscatter. Looking at the emails of the various 'unable to deliver' type messages, I saw 
>  what these could be filtered on, but don't know how to write up and implement the rule 
>  outside of procmail. I don't want to use procmail for this since I think it would be an 
>  expensive routine for procmail to run.
> 
>  In the body of the 'unable to deliver' message, the original message is quoted. One of the 
>  lines quoted is the Message-ID: header from the original. The format of this line is always 
>  wrong as it does not contain the FQDN that our server appends to the end of the hash 
>  number, following the '@' symbol.
> 
>  So, need a rule that would parse the "Message-ID:" in the body (or attachment) and not 
>  header, and look for the @FQDN 

Great observation.  This sounds like something I could implement into my 
Stripsearch program, which already does some email body parsing, but 
it'll take quite a bit of time and testing.  I'll let you know when I 
get around to trying it.

Tom
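
The check .rp describes, sketched in Python as an added example (it is not part of either post and is not Stripsearch or bogofilter code). `OUR_FQDN`, the function names and both sample bounces are assumptions constructed for illustration.

```python
import email
import re

OUR_FQDN = "mail.example.com"  # assumption: the FQDN our server puts after '@'
BODY_RE = re.compile(rb"^[>\s]*Message-ID:\s*<([^<>\s]+)>", re.I | re.M)
HDR_RE = re.compile(r"<([^<>\s]+)>")

def quoted_message_ids(raw):
    """Message-IDs quoted in the body or attachments, never the bounce's own header."""
    msg = email.message_from_bytes(raw)
    found = []
    for part in msg.walk():
        # message/rfc822 attachment: the parser exposes the original as a sub-message
        if part is not msg and part["Message-ID"]:
            found += HDR_RE.findall(str(part["Message-ID"]))
        # leaf part (text/plain, text/rfc822-headers, ...): undo base64/QP, scan the text
        if not part.is_multipart():
            body = part.get_payload(decode=True) or b""
            found += [m.decode("ascii", "replace") for m in BODY_RE.findall(body)]
    return found

def classify(raw, our_fqdn=OUR_FQDN):
    ids = quoted_message_ids(raw)
    if not ids:
        return "unknown"  # nothing quoted, so this rule cannot decide
    suffix = "@" + our_fqdn.lower()
    return "ours" if any(i.lower().endswith(suffix) for i in ids) else "backscatter"

# Constructed samples: a DSN quoting a forged message, and a plain-text bounce of a real one.
FORGED_BOUNCE = (
    b"From: MAILER-DAEMON@remote.invalid\r\n"
    b"Message-ID: <dsn1@remote.invalid>\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\nContent-Type: text/plain\r\n\r\nUnable to deliver.\r\n"
    b"--b1\r\nContent-Type: text/rfc822-headers\r\n\r\n"
    b"From: boss@example.com\r\nMessage-ID: <48f1c2a9@203.0.113.7>\r\n\r\n"
    b"--b1--\r\n"
)
REAL_BOUNCE = (
    b"From: MAILER-DAEMON@remote.invalid\r\n"
    b"Message-ID: <dsn2@remote.invalid>\r\n"
    b"\r\n"
    b"Unable to deliver. Original message follows:\r\n"
    b"> From: boss@example.com\r\n"
    b"> Message-ID: <20090130.a1b2c3@mail.example.com>\r\n"
)
print(classify(FORGED_BOUNCE), classify(REAL_BOUNCE))
```

A sender can put any value in a Message-ID, so "ours" only means this rule did not fire; it is not proof that the bounce is legitimate.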