[unisog] .edu's who use SpamCop?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Dec 17 21:25:30 GMT 2003


On Tue, 16 Dec 2003 17:15:57 EST, Sylvain Robitaille <syl at alcor.concordia.ca>  said:

> I created a "rule" in MIMEDefang which checks for a host outside of our
> network providing an HELO argument which claims to be a host within our
> network (or any host in our domain, actually).  This is easily the
> second most effective spam-detection mechanism we have, and I can't
> think of a single case which would cause a false-positive on this rule.

My laptop is running Fedora Core and an incredibly overly-bleeding-edge Sendmail.

It also has a fairly fixed idea of 'hostname' that it knows itself as, wherever
it might be - this would screw me over thoroughly if I was sending mail to our
campus mailserver while travelling, as it by default acts as its own mail
server rather than using the SMTP server of wherever I happen to have
connectivity at the moment, and it sends its idea of 'hostname' on the EHLO...

So you'd see an inbound 'HELO turing-police.cc.vt.edu' from my office, or from
the modem pool, or from one of the several lab and office spaces on campus I
might be at, or one of the wireless access points, or from an ISP in Boston or
NYC, or Sendmail Inc (all places this laptop's been in the last 6 months).

So there *are* cases where it would false-positive....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031217/6dcb5266/attachment-0003.bin


More information about the unisog mailing list