[Esd-l] smashing unknowns

Scott Taylor scott at dctchambers.com
Tue Jul 30 08:09:01 PDT 2002


This line is from a header in that last message I sent:
Received: from yangc-s9smikhab (unknown [219.68.65.176])

Yesterday I put in a filter for ^Received: .*(unknown*)
to catch a lot of spam, and it worked great, but in about 4 hours I was 
getting calls from people (with poorly set up mail servers?) that were 
sending headers like this.

Here is the header. Is that from the mail server or the client?

<snippet>
  From bwreid at vernon.com  Mon Jul 29 14:47:23 2002
 >From rolly  Mon Jul 29 14:47:23 2002
Return-Path: <bwreid at vernon.com>
Delivered-To: xxxxx at xxxxxxxxxx.com
Received: from liam.uiscan.com (liam.uiscan.com [204.239.220.3])
         by xxxxxxxxx.com (Postfix) with SMTP id AE6CB85642
         for <xxxxx at xxxxxxxxxxx.com>; Mon, 29 Jul 2002 14:47:22 -0700 (PDT)
Received: (qmail 21606 invoked from network); 29 Jul 2002 21:48:08 -0000
Received: from unknown (HELO BWREID) (24.77.128.254)
   by liam.uiscan.com with SMTP; 29 Jul 2002 21:48:08 -0000
Message-ID: <006d01c23748$4ba54310$9009a8c0 at BWREID>
</snippet>

Here is the DNS server for that unknown, figures:
128.77.24.in-addr.arpa. 1800    IN      SOA     ns2ht.ok.shawcable.net. dnsadmin.shaw.ca.

So, what I would like to do is catch these errors, and put them into a file 
like the sanitizer does with the quarantines, so if someone is missing an 
important email from a poorly set up ISP, it can be easily retrieved.

Any suggestions?
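
Added example, not part of the original message and not code from the sanitizer: a Python sketch that reports which hop in the Received chain recorded "unknown" (no reverse DNS for the connecting client) and files a message into a quarantine mbox instead of discarding it. The function names, the example.com placeholders, the quarantine path and the policy of acting only on the newest hop are assumptions; the two patterns cover only the Postfix and qmail formats quoted above.

```python
import email
import mailbox
import re

# Constructed sample: the Received chain quoted in the post; masked names
# replaced with example.com placeholders.
SAMPLE = """\
Return-Path: <sender@example.com>
Received: from liam.uiscan.com (liam.uiscan.com [204.239.220.3])
    by mx.example.com (Postfix) with SMTP id AE6CB85642
    for <user@example.com>; Mon, 29 Jul 2002 14:47:22 -0700 (PDT)
Received: (qmail 21606 invoked from network); 29 Jul 2002 21:48:08 -0000
Received: from unknown (HELO BWREID) (24.77.128.254)
    by liam.uiscan.com with SMTP; 29 Jul 2002 21:48:08 -0000
Subject: constructed sample

body
"""

# Postfix writes "from HELO (unknown [ip])", qmail "from unknown (HELO x) (ip)".
POSTFIX_UNKNOWN = re.compile(r"from \S+ \(unknown \[([0-9.]+)\]\)")
QMAIL_UNKNOWN = re.compile(r"from unknown \(HELO \S+\) \(([0-9.]+)\)")
BY_HOST = re.compile(r"\bby (\S+)")

def unknown_hops(msg):
    """Return (hop, reporting_server, client_ip) per hop with no reverse DNS.
    Hop 0 is the newest Received header, written by the final server."""
    hops = []
    for i, raw in enumerate(msg.get_all("Received", [])):
        line = " ".join(raw.split())  # unfold continuation lines
        m = POSTFIX_UNKNOWN.search(line) or QMAIL_UNKNOWN.search(line)
        if m:
            by = BY_HOST.search(line)
            hops.append((i, by.group(1) if by else None, m.group(1)))
    return hops

def route(raw_message, quarantine_path, own_hop=0):
    """Quarantine (never discard) when our own server's hop saw no rDNS."""
    msg = email.message_from_string(raw_message)
    if not any(hop == own_hop for hop, _, _ in unknown_hops(msg)):
        return "deliver"
    box = mailbox.mbox(quarantine_path)  # hypothetical quarantine file
    try:
        box.lock()
        box.add(msg)
        box.flush()
    finally:
        box.close()  # close() also releases the lock
    return "quarantine"
```

On the sample, the only "unknown" is at hop 2, written by liam.uiscan.com about its client 24.77.128.254, so the message is delivered; a message whose newest hop shows `(unknown [ip])` lands in the quarantine mbox, where it can be retrieved.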


