On 06/18/2014 05:38 PM, spamassas...@lcwsoft.com wrote:
On 18.06.2014 03:17, Axb wrote:
On 06/18/2014 07:34 AM, spamassas...@lcwsoft.com wrote:
On 17.06.2014 17:25, Axb wrote:
On 06/17/2014 09:13 PM, Axb wrote:
On 06/17/2014 08:40 PM, spamassas...@lcwsoft.com wrote:
On 17.06.2014 14:09, RW wrote:
On Mon, 16 Jun 2014 17:03:31 -0230
spamassas...@lcwsoft.com wrote:
> originating_ip_headers X-WebmailclientIP
Actually, that might meet my needs in a better way, as I could add a
custom header and then set that.
I don't think that's a good idea, originating IP addresses may
legitimately be dynamic, so blocklists that tend to FP on dynamic
addresses aren't applied. This is where having an interface for adding
extra IP addresses to be checked would be useful.
In our case, I would only be using it for when the e-mail contains an
X-PHP-Script header and is outgoing from our server, to prevent outgoing
spam from PHP script, as we have some clients with forms being abused
currently and cannot possibly police all their forms.
Can you show us a sample of such a header?
I'm trying to understand what adds that header if, as you say, you have
no control over the abused form code?
PHP with the MailHeaders patch: https://choon.net/php-mail-header.php
It puts a header with the script name and IP address, which I want to
check against one or more RBLs to see if it is listed as a spammer. We
run SpamAssassin on our outbound mail to help filter any possible
outgoing spam, so such a rule could be used to help prevent outgoing
spam from abused PHP forms on our server as a temporary resolution until
the clients can fix their forms.
From what I understand, you want to do a type A lookup with the URIBL
plugin against that header and hope some BL has it listed which is
highly unlikely because most BLs list spam exit point IPs.
XBL and some SBL listings could possibly detect some of this but I
wouldn't hold my breath unless you have such a massive problem that
you make a global difference.
At this point I'm not convinced this will mitigate your problem.
Hmmm.....as you're not the first person in the world with this
problem I wonder what other approaches could be more efficient....
No. I want to parse out the IP and pass that to the RBLs, see if the IP
is listed on them, and trigger some rules if so. The reason is that this
issue is causing other legit e-mails from the same server to be delayed
by Google and Yahoo as only a few e-mails are sent to them daily and the
ratio appears to be used by them to rate limit.
When you have your plugin running, pls consider submitting a link for
inclusion in https://wiki.apache.org/spamassassin/CustomPlugins
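
The lookup discussed in this thread (pull the client IP out of an X-PHP-Script header and query DNS blocklists for it), as an added standalone sketch that is not from the thread and is not a SpamAssassin plugin. The header layout `<host>/<script> for <ip>[, <ip>]` is an assumption, since no sample header appears above, and `dnsbl.example` is a placeholder zone.

```python
import ipaddress
import socket

# Addresses that can never appear on a public blocklist; skip them.
_SKIP = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def extract_client_ips(header_value):
    """Return routable IPv4 addresses listed after the last ' for '."""
    _, sep, tail = header_value.strip().rpartition(" for ")
    if not sep:
        return []
    ips = []
    for token in tail.split(","):
        try:
            ip = ipaddress.ip_address(token.strip())
        except ValueError:
            continue  # header text is sender-influenced; drop unparsable tokens
        if ip.version == 4 and not any(ip in net for net in _SKIP):
            ips.append(ip)
    return ips

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed octets followed by the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone.strip(".")

def _dns_a(name):
    """Default resolver: one A lookup, None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_header(header_value, zones, resolve=_dns_a):
    """Return (ip, zone, answer) for every listing; only 127.x answers count."""
    hits = []
    for ip in extract_client_ips(header_value):
        for zone in zones:
            answer = resolve(dnsbl_name(ip, zone))
            if answer and answer.startswith("127."):
                hits.append((str(ip), zone, answer))
    return hits

if __name__ == "__main__":
    # Constructed sample header and a stub resolver, so this runs offline.
    sample = "www.example.com/~user/contact.php for 203.0.113.7, 10.0.0.5"
    stub = {"7.113.0.203.dnsbl.example": "127.0.0.4"}.get
    print(check_header(sample, ["dnsbl.example"], resolve=stub))
```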