On Sun, 17 Feb 2002, Daniel Rogers wrote:

> It seems I've been getting a lot of spam lately that has a valid MX, but
> the MX is 127.0.0.1 (loopback). Any chance we could add a test for
> this?

There was some discussion on the Postfix list a while ago to provide a DNS Blacklist style lookup for arbitrary things like that. I don't think anybody has done this yet, but it would actually be a really cool thing to have ... lots of spammers have a bunch of sender domains, but their MX servers are all on the same box.

It should be pretty easy to add a test like that to SpamAssassin...

OK, done. ;-)

I'm a CVS idiot, so some of my other local stuff is included in the patch ... but it won't hurt anything. Can somebody point me to their favorite CVS introduction?

The patch also adds the check_if_listed_recipient (the Delivered-To test we've been talking about) test, but doesn't add the rules for it yet. It also changes the numbers in headers from one place after the decimal point to two; I was getting complaints from folks who didn't understand rounding.

Anyway: to use the FROM_MX_BLACKLISTED test, which I've scored at 3 (arbitrary ...), create preference entries like this:

    blacklist_mx mail.flowgo.com
    blacklist_mx server8.twistedhumor.com

I didn't take it the next step - it works on hostnames, not IP addresses. Are you finding that the spammers are all pointing to "localhost" or "localhost.localdomain" or are they pointing to "bogusmx.ispam.com" which resolves to 127.0.0.1? It wouldn't be hard to add that ...

--
Charlie Watts [EMAIL PROTECTED]
Frontier Internet, Inc.
http://www.frontier.net/

spamassassin.patch
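
Added example, not part of the original message or of the attached patch: a Python sketch of the two checks discussed in this thread, matching a sender domain's MX hostnames against `blacklist_mx` entries and flagging an MX that points at loopback. The DNS answers, the `.example` sender domains and all function names are constructed for illustration; lookups are passed in as functions so the block runs offline.

```python
import ipaddress

def normalize(host):
    """Compare hostnames case-insensitively and without the trailing dot."""
    return host.rstrip(".").lower()

def parse_blacklist_mx(prefs_text):
    """Collect hostnames from 'blacklist_mx <host>' preference lines."""
    hosts = set()
    for line in prefs_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "blacklist_mx":
            hosts.update(normalize(h) for h in parts[1:])
    return hosts

def check_sender_mx(domain, blacklist, mx_lookup, a_lookup):
    """Return (mx_host, reason) for each MX that is blacklisted or loopback."""
    findings = []
    for mx in map(normalize, mx_lookup(domain)):
        if mx in blacklist:
            findings.append((mx, "blacklisted"))
            continue
        # The MX target may itself be an IP literal, or a name resolving to one.
        for addr in [mx] + list(a_lookup(mx)):
            try:
                if ipaddress.ip_address(addr).is_loopback:
                    findings.append((mx, "loopback"))
                    break
            except ValueError:
                continue  # a hostname, not an address
    return findings

# Constructed sample data standing in for preference entries and DNS answers.
SAMPLE_PREFS = "blacklist_mx mail.flowgo.com\nblacklist_mx server8.twistedhumor.com\n"
SAMPLE_MX = {"funnymail.example": ["Mail.Flowgo.com."],
             "deals.example": ["bogusmx.ispam.com"],
             "local.example": ["localhost"],
             "legit.example": ["mx1.legit.example"]}
SAMPLE_A = {"bogusmx.ispam.com": ["127.0.0.1"], "localhost": ["127.0.0.1"],
            "mx1.legit.example": ["192.0.2.25"]}

def sample_mx(domain):
    return SAMPLE_MX.get(domain, [])

def sample_a(host):
    return SAMPLE_A.get(host, [])

if __name__ == "__main__":
    bl = parse_blacklist_mx(SAMPLE_PREFS)
    for d in SAMPLE_MX:
        print(d, check_sender_mx(d, bl, sample_mx, sample_a))
```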