On 11 Feb 2021, at 7:00, Loren Wilton wrote:
> I'm getting a lot of spams that all have a series of completely bogus
> Received headers in them. A characteristic of these headers is a
> rather improbable datestamp, considering today's date:
>
> Received: from 69-171-232-143.mail-mail.facebook.com
>  ([69.171.232.143])
>  by oxsus1nmtai03p.internal.vadesecure.com with ngmta
>  id 0574d1a8-1628c15907fbaba1; Thu, 06 Aug 2020 18:30:56 +0000
>
> Note that this message must have been in flight for about a year and a
> half according to that header.

Minor pedantry: Actually just a few days more than half a year.

> Anyone know an easy way to check for a Received header date more than
> say a week old and add some points?

There is a received_within_months() eval in the HeaderEval plugin which
someone wrote at some point but failed to suitably document or even use.
There are also private functions there (e.g.
_get_received_header_times()) which seem potentially useful but which
<sigh> are also undocumented. If you feel like being a pioneer, you
could try creating rules to make use of that code.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
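
The check asked about in this thread, as an added example that is not part of the original messages and is not SpamAssassin code: a standalone Python sketch that reads each Received header's date stamp and reports hops older than a threshold. It does not use the HeaderEval functions mentioned above; the function names, the top Received header (mx.example.net, mail.example.org) and the reference time are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the first Received header is invented (local MTA hop);
# the second is the header quoted in the thread.
SAMPLE = """\
Received: from mx.example.net ([192.0.2.10])
\tby mail.example.org with ESMTP id CONSTRUCTED1;
\tThu, 11 Feb 2021 12:00:05 +0000
Received: from 69-171-232-143.mail-mail.facebook.com
\t([69.171.232.143])
\tby oxsus1nmtai03p.internal.vadesecure.com with ngmta
\tid 0574d1a8-1628c15907fbaba1; Thu, 06 Aug 2020 18:30:56 +0000
Subject: constructed sample

body
"""
# Constructed reference time standing in for "now" at scan time.
REPORTED_AT = datetime(2021, 2, 11, 12, 0, 10, tzinfo=timezone.utc)


def received_dates(raw_message):
    """Yield (hop, datetime or None) per Received header, newest hop first."""
    msg = message_from_string(raw_message)
    for hop, value in enumerate(msg.get_all("Received", [])):
        # RFC 5322: the date-time follows the last ';' in the header.
        _, sep, stamp = value.rpartition(";")
        stamp = " ".join(stamp.split())  # undo header folding
        try:
            when = parsedate_to_datetime(stamp) if sep else None
        except (TypeError, ValueError):
            when = None  # missing or unparseable date stamp
        if when is not None and when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)  # "-0000": treat as UTC
        yield hop, when


def stale_hops(raw_message, now, max_age=timedelta(days=7)):
    """Return [(hop, datetime, age)] for Received dates older than max_age."""
    hits = []
    for hop, when in received_dates(raw_message):
        if when is not None and now - when > max_age:
            hits.append((hop, when, now - when))
    return hits


if __name__ == "__main__":
    for hop, when, age in stale_hops(SAMPLE, REPORTED_AT):
        print(f"hop {hop}: {when.isoformat()} is {age.days} days old")
```

Received headers below the first trusted relay are supplied by the sender, so a stale date there is a scoring signal rather than proof of anything about the path.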