Blocking empty To with rules
Matt Kettler
mkettler at EVI-INC.COM
Fri Feb 14 17:03:42 GMT 2003
Some general Suggestions (I'm assuming sendmail):
Edit your sendmail.mc:
define(`confPRIVACY_FLAGS',
`needmailhelo,authwarnings,novrfy,noexpn,restrictqrun')dnl
Most important here is "needmailhelo".. this gets rid of tools that are too
stupid to issue a HELO/EHLO, which no valid mailserver does.
Most email showing up with no HELO issued is wildly mis-formatted spam, so
that just prevents that problem right off. I've never seen a real email
server fail to HELO when told it must do so.
Also, if you're running SpamAssassin with mailscanner, the rule for this is
MISSING_HEADERS.. jack up the score for it and watch em get spam-tags, or
if you jack it up high enough, high-scoring spam actions, every time.
It should be noted however that according to the STATISTICS.txt with
spamassassin 2.43, some reasonable percentage of the SA nonspam corpus has
a missing To: header (0.64% of the nonspam corpus matched).
At 10:06 AM 2/14/2003 -0600, Mike Williams wrote:
>Is it possible to block a spam message where the To is empty? We are
>getting a ton of spam from AOL and in the sendmail logfile the To is blank.
>I wouldn't mind shutting AOL down from having access to our server but I'm
>sure our customers would complain :)
>
>Mike
More information about the MailScanner
mailing list