I've been getting a bunch of spam from zombied hosts in the 222.x.x.x range. Much of it get blocked by spamhaus and other lists, but there's been enough left that it's noticeable. Whois says that this netblock is assigned to "Air Force Logistics Command". The senders of the spam vary, but none of them are domains that have spf.
Does anybody see any downside to doing something like: sub filter_sender($$$$) { my ($sender, $ip, $hostname, $helo) = @_; if ( ($ip =~ /^222\./) && ($sender !~ /af\.mil\>?/i) ) { return ('REJECT', 'Not USAF address'); } return ('CONTINUE', 'OK'); } _______________________________________________ Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang