@Axb,
> just curious.. what are you trying to achieve by running these domains
through ALL headers?
> catch senders? received headers?
there headers that comes with the following:
Received: from [66.85.187.123] *(helo=vpn123.layeredvpnzervices.com)*
by izabal.espacioydominio.com with esmtp (Exim 4.69)
(envelope-from <accountingeducation.yjuee*@nwwrej.afraidageshare.net*>)
id 1RTzVK-0000Jp-IR
for chard...@secmas.net; Fri, 25 Nov 2011 11:24:02 -0600
From: accounting education <
accountingeducation.yj...@nwwrej.afraidageshare.net>
Received: from [66.85.158.200] (*helo=search200.complementhold.com*)
by izabal.espacioydominio.com with esmtp (Exim 4.69)
(envelope-from <nursingschool.ncqq...@aifnqk.laughsidecant.net>)
id 1RTzPA-0007TD-CR
for chard...@secmas.net; Fri, 25 Nov 2011 11:17:40 -0600
From: nursing school <*nursingschool.ncqq...@aifnqk.laughsidecant.net*>
Just to mention two examples, well, the point is that in a lot of spam
emails the HELO is the same for a lot of different email addresses, so, I
am trying to block that.
Is there a better way than checking all the header?
@ Christian Grunfeld
> a blacklist lookup table can achieve the same, cant it?
Can you share how to create this lookup table in a rule?
Thanks a lot for your inputs.
Sergio
