Hey all,

In looking through my sendmail logs, I've found that some connecting mail
servers actually are correctly configured with a signed, valid cert from
one of the major CA's.

Is there a rule that can match this, on sendmail, based on the connecting
ip on your network edge?

This could be used to complement domain-assurance tools like SPF, DKIM or
the like, since it not only matches the fact that in order to get one of
these certs, the domain owner has had to match at least SOME kind of
legitimacy test (even with the most automated signers).

This is a length I cannot imagine a spammer going to.

Better still, can someone with a better corpus than I confirm some hit/not
hit ratios here?

-Dan

--

unless is a pr0no book he wont even come close to the bandwidth quota

-Racer-X, concerning DanMahoney.com's web hits.


--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------