I have the following rule where I wrote all the HELO spammers that SA
didn't caught, I insert the new HELO everytime that I found one. My concern
is, is too much for just one rule or the rule can grow without limit?
header CHARLY_RULE1ALL =~
On Fri, 2011-11-25 at 11:49 -0600, Sergio wrote:
I have the following rule where I wrote all the HELO spammers that SA
didn't caught, I insert the new HELO everytime that I found one. My concern
is, is too much for just one rule or the rule can grow without limit?
When I asked this question a
Thank you Martin,
I will give it a try to your pormanteu, appreciated for sharing it.
Regards,
Sergio
On Fri, Nov 25, 2011 at 12:13 PM, Martin Gregorie mar...@gregorie.orgwrote:
On Fri, 2011-11-25 at 11:49 -0600, Sergio wrote:
I have the following rule where I wrote all the HELO spammers
On 2011-11-25 18:49, Sergio wrote:
I have the following rule where I wrote all the HELO spammers that SA
didn't caught, I insert the new HELO everytime that I found one. My concern
is, is too much for just one rule or the rule can grow without limit?
header CHARLY_RULE1ALL =~
On Fri, 25 Nov 2011 18:13:32 +, Martin Gregorie wrote:
http://www.libelle-systems.com/free/portmanteau/portmanteau.tgz
I was thinking of using a server plus plugin to do this but was
convinced that this 'portmanteau rule' approach was better: it
certainly
works well for me.
thanks for
@Axb,
just curious.. what are you trying to achieve by running these domains
through ALL headers?
catch senders? received headers?
there headers that comes with the following:
Received: from [66.85.187.123] *(helo=vpn123.layeredvpnzervices.com)*
by izabal.espacioydominio.com with esmtp
On 2011-11-25 21:36, Sergio wrote:
@Axb,
just curious.. what are you trying to achieve by running these domains
through ALL headers?
catch senders? received headers?
there headers that comes with the following:
Received: from [66.85.187.123] *(helo=vpn123.layeredvpnzervices.com)*
by
Just to mention two examples, well, the point is that in a lot of spam
emails the HELO is the same for a lot of different email addresses, so, I
am trying to block that.
Is there a better way than checking all the header?
@ Christian Grunfeld
a blacklist lookup table can achieve the
@ Axb,
look at it this way.. the less a rule has to do the faster it is and less
prone to error/FPs
If you check ALL headers, SA will go thru long DKIM headers for a pattern
which will not show up in DKIM header, it will look in X headers, From,
To, etc,etc.. big waste of time and CPU cycles