[Esd-l] smashing unknowns

Rick Thompson rthompson at rrmm.net
Tue Jul 30 18:34:01 PDT 2002

You are going to get ALOT of these I'm afraid...I finally had to remove the
option in my Postfix config that automagically rejects these because too
many of our business partners were getting blocked.

Just a heads-up.


-----Original Message-----
From: esd-l-admin at spconnect.com [mailto:esd-l-admin at spconnect.com]On
Behalf Of Scott Taylor
Sent: Tuesday, July 30, 2002 11:08 AM
To: esd-l at spconnect.com
Subject: [Esd-l] smashing unknowns

This line is from a header in that last message I sent:
Received: from yangc-s9smikhab (unknown [])

Yesterday I put in a filter for ^Received: .*(unknown*)
to catch a lot of spam, and it worked great, but in about 4 hours I was
getting calls from people (with poorly set up mail servers?) that were
sending headers like this.

Here is the header, is that from the mail server or the client?

  From bwreid at vernon.com  Mon Jul 29 14:47:23 2002
 >From rolly  Mon Jul 29 14:47:23 2002
Return-Path: <bwreid at vernon.com>
Delivered-To: xxxxx at xxxxxxxxxx.com
Received: from liam.uiscan.com (liam.uiscan.com [])
         by xxxxxxxxx.com (Postfix) with SMTP id AE6CB85642
         for <xxxxx at xxxxxxxxxxx.com>; Mon, 29 Jul 2002 14:47:22 -0700 (PDT)
Received: (qmail 21606 invoked from network); 29 Jul 2002 21:48:08 -0000
Received: from unknown (HELO BWREID) (
   by liam.uiscan.com with SMTP; 29 Jul 2002 21:48:08 -0000
Message-ID: <006d01c23748$4ba54310$9009a8c0 at BWREID>

Here is the DNS server for that unknown, figures:
128.77.24.in-addr.arpa. 1800    IN      SOA     ns2ht.ok.shawcable.net.

So, what I would like to do is catch these errors, and put them into a file
like the sanitizer does with the quarantines, so if someone is missing an
important email from a poorly set up ISP, it can be easily retrieved.

Any suggestions?
Esd-l mailing list
Esd-l at spconnect.com

More information about the esd-l mailing list