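I have read a lot of discussions about SPAM,
and yesterday I also read the MAIL FILTERING section of the OpenWebMail FAQ.
There is one topic that seems to have received very little attention, so I am raising it here for everyone to discuss.
The original text of the OpenWebMail FAQ is as follows: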
Q: What are "messages with faked smtp"?
A: In short, they are messages coming from mail servers that fake their
name from other machines.
Where is a message coming from?
A message sent from machine A to machine B may have 2 cases:
a. A ---> M1 ---> M2 ---> B (M1, M2 are mail servers)
In this case, openwebmail uses M1 as the from server,
since most of the time A is a Windows machine using Outlook.
b. A -------------------> B
In this case, openwebmail uses A as the from server.
How do we know if a from server fakes his name?
Each host may have 3 names in the mail header:
$byas - name used by this server when saying hello to incoming connection
$relay - name used by this server when relaying mail through other host
$connectfrom - ip and name detected by other hosts resolved from DNS system when receiving connection from this server
A from host is faking his name if
a. $byas doesn't equal $relay, and
b. $connectfrom doesn't equal $relay, and
c. $connectfrom has a different domain than the destination server B, and
d. $connectfrom is not private IP
I want mail that meets the conditions above to be blocked right when the header is checked. How should that be done? Thanks~~~
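The four conditions quoted from the FAQ, applied to case a, as an added example that is not part of the original post and is not OpenWebMail's own code. It assumes sendmail/Postfix-style `Received:` lines with IPv4 addresses; the function names, the two-label domain comparison and the sample headers are constructed for illustration.

```python
import ipaddress
import re

# Assumed Received layout (sendmail/Postfix style, IPv4 only):
#   from <HELO name> (<reverse-DNS name> [<ip>]) by <receiving host> ...
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
                    r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(?P<by>\S+)", re.I)
# Explicit list instead of ip.is_private, which also flags documentation ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def domain_of(host):
    """Last two labels; a simplification that ignores suffixes such as .com.tw."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_faked_smtp(own_line, next_hop_line, destination):
    """Apply FAQ conditions a-d to the 'from server' (case a of the FAQ).

    own_line:      Received line the from server itself added ($byas).
    next_hop_line: Received line added by the host it relayed to
                   ($relay = HELO name, $connectfrom = DNS name and IP).
    """
    m_by, m_hop = BY_RE.search(own_line), HOP_RE.search(next_hop_line)
    if not (m_by and m_hop):
        return False  # unparseable: give no verdict rather than a false positive
    try:
        ip = ipaddress.ip_address(m_hop["ip"])
    except ValueError:
        return False
    byas, relay = m_by["by"].lower(), m_hop["helo"].lower()
    connectfrom = m_hop["rdns"].lower()
    return (byas != relay                                            # a
            and connectfrom != relay                                 # b
            and domain_of(connectfrom) != domain_of(destination)     # c
            and not any(ip in net for net in PRIVATE_NETS))          # d


# Constructed sample headers (documentation names and addresses).
FAKED_OWN = "Received: from [192.168.1.5] by pc7.local with SMTP"
FAKED_HOP = ("Received: from mail.bank.example (host-7.dialup.example "
             "[203.0.113.7]) by mx.dest.example with ESMTP")
HONEST_OWN = "Received: from pc (pc [10.0.0.9]) by smtp.corp.example"
HONEST_HOP = ("Received: from smtp.corp.example (smtp.corp.example "
              "[198.51.100.25]) by mx.dest.example with ESMTP")
```

In a message's headers the newest `Received:` line is on top, so for case a `next_hop_line` is the line directly above `own_line`.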