[Esd-l] smashing unknowns
Scott Taylor
scott at dctchambers.com
Tue Jul 30 08:09:01 PDT 2002
This line is from a header in that last message I sent:
Received: from yangc-s9smikhab (unknown [219.68.65.176])
Yesterday I put in a filter for ^Received: .*(unknown*)
to catch a lot of spam, and it worked great, but in about 4 hours I was
getting calls from people (with poorly set up mail servers?) that were
sending headers like this.
Here is the header; is that from the mail server or the client?
<snippet>
From bwreid at vernon.com Mon Jul 29 14:47:23 2002
>From rolly Mon Jul 29 14:47:23 2002
Return-Path: <bwreid at vernon.com>
Delivered-To: xxxxx at xxxxxxxxxx.com
Received: from liam.uiscan.com (liam.uiscan.com [204.239.220.3])
    by xxxxxxxxx.com (Postfix) with SMTP id AE6CB85642
    for <xxxxx at xxxxxxxxxxx.com>; Mon, 29 Jul 2002 14:47:22 -0700 (PDT)
Received: (qmail 21606 invoked from network); 29 Jul 2002 21:48:08 -0000
Received: from unknown (HELO BWREID) (24.77.128.254)
    by liam.uiscan.com with SMTP; 29 Jul 2002 21:48:08 -0000
Message-ID: <006d01c23748$4ba54310$9009a8c0 at BWREID>
</snippet>
Here is the DNS server for that unknown, figures:
128.77.24.in-addr.arpa. 1800 IN SOA ns2ht.ok.shawcable.net. dnsadmin.shaw.ca.
So, what I would like to do is catch these errors, and put them into a file
like the sanitizer does with the quarantines, so if someone is missing an
important email from a poorly set up ISP, it can be easily retrieved.
Any suggestions?
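
One way to do what the post asks, as an added example (not part of the original message and not the sanitizer's own code): only the topmost Received header was written by the receiving server, so this Python code quarantines to an mbox file only when that hop is "unknown", and delivers mail where the "unknown" appears in a hop recorded by an upstream relay, as in the snippet above. The hostnames, addresses, function names and quarantine path are assumptions, and the sample messages are constructed.

```python
import email
import mailbox
import re

# "unknown" as Postfix writes it: from helo-name (unknown [192.0.2.7])
# and as qmail writes it:         from unknown (HELO name) (192.0.2.7)
UNKNOWN_HOP = re.compile(
    r"from \S+ \(unknown \[(?P<postfix>[^\]]+)\]\)"
    r"|from unknown \(HELO [^)]*\) \((?P<qmail>[^)]+)\)")

# Constructed samples (documentation addresses), shaped like the post's headers.
RELAYED = """\
Received: from relay.example.net (relay.example.net [192.0.2.3])
\tby mx.example.com (Postfix) with SMTP id 0000000000
Received: (qmail 21606 invoked from network); 29 Jul 2002 21:48:08 -0000
Received: from unknown (HELO DESKTOP) (198.51.100.254)
\tby relay.example.net with SMTP; 29 Jul 2002 21:48:08 -0000
Subject: relayed by a well-configured server
"""
DIRECT = """\
Received: from host-s9 (unknown [203.0.113.176])
\tby mx.example.com (Postfix) with SMTP id 0000000001
Subject: connected to us directly
"""

def unknown_hops(msg):
    """Return [(hop, ip)] for Received headers naming an 'unknown' sender.
    Hop 0 is the topmost header, the one our own MTA stamped."""
    hits = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        m = UNKNOWN_HOP.match(" ".join(value.split()))  # unfold the header
        if m:
            hits.append((hop, m.group("postfix") or m.group("qmail")))
    return hits

def triage(raw, quarantine_path):
    """Quarantine to an mbox only when the host that connected to us was unknown."""
    msg = email.message_from_string(raw)
    hits = unknown_hops(msg)
    if not any(hop == 0 for hop, _ in hits):
        return "deliver", hits
    box = mailbox.mbox(quarantine_path)
    try:
        box.lock()
        box.add(msg)
    finally:
        box.close()  # flushes to disk and releases the lock
    return "quarantine", hits
```

Because the quarantine file is a plain mbox, a missed message can be opened and forwarded with any mail client that reads that format.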