Subject: Re: how to block this spam?
From: furio ercolessi (furio+pfspin.it)
Date: Fri Dec 08 2000 - 06:29:49 CST


On Thu, Dec 07, 2000 at 06:05:39PM -0500, Justus Pendleton wrote:
> Recently I've started getting spam that pretends to be addressed to
> someone else. I've included an example below. Notice that the To:
> header is bogus. Is there an easy way to reject mail that doesn't
> have a To header for the local machine? Is there a way to reject such
> mail other than using header_checks?

Such mail tends to be delivered through open relays, and abused open
relays are usually listed in RSS. For instance, the server that
transmitted this spam was listed on 05 Oct 2000
[ http://mail-abuse.org/cgi-bin/nph-rss?query=202.96.126.34 ].
So if you were using RSS you would not have received this spam.
OTOH, using RSS means that some legitimate mail will be blocked too,
and you should set up a whitelist map to be populated with the
abused open relays used by people corresponding with your users,
as soon as you discover them. Meaning more work to do.

furio ercolessi

>
> Justus
>
>
> Example spam headers:
>
> Return-Path: <Vuhu.de>
> Delivered-To: XXXXXXryoohki.net
> Received: from mail.acm.org (mail.acm.org [199.222.69.4])
> by washuu.ryoohki.net (Postfix) with ESMTP id D54B77ED
> for <XXXXXXryoohki.net>; Thu, 7 Dec 2000 06:02:11 -0500 (EST)
> Received: from mail.zjec.com.cn ([202.96.126.34])
> by mail.acm.org (8.9.3/8.9.3) with ESMTP id GAA15334
> for <XXXXXXacm.org>; Thu, 7 Dec 2000 06:01:59 -0500
> Date: Thu, 7 Dec 2000 06:01:59 -0500
> From: Vuhu.de
> Message-Id: <200012071101.GAA15334mail.acm.org>
> Received: from h809 (1cust191.tnt3.mia5.da.uu.net [63.30.200.191]) by mail.zjec.com.cn with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.1960.3)
> id Y209PF8N; Thu, 7 Dec 2000 18:09:11 +0800
> To: Vuhu.de
> Subject: At Last, Herbal V, the All Natural Alternative is Available!
> Content-Length: 8473
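
An added example, not part of the original thread: it pulls the relay hop addresses out of the Received headers quoted above, forms the reversed-octet name that a DNS blocklist lookup queries for each, and applies a whitelist before the blocklist as the reply describes. The zone name, the whitelisted address, and the set standing in for DNS answers are constructed placeholders.

```python
import ipaddress
import re

# Received headers from the quoted spam sample (folded lines joined).
SAMPLE_RECEIVED = [
    "from mail.acm.org (mail.acm.org [199.222.69.4]) by washuu.ryoohki.net (Postfix) with ESMTP id D54B77ED",
    "from mail.zjec.com.cn ([202.96.126.34]) by mail.acm.org (8.9.3/8.9.3) with ESMTP id GAA15334",
    "from h809 (1cust191.tnt3.mia5.da.uu.net [63.30.200.191]) by mail.zjec.com.cn with SMTP",
]

DNSBL_ZONE = "dnsbl.example.org"  # placeholder zone, not a real blocklist
WHITELIST = {"192.0.2.10"}        # constructed: a listed relay that a known correspondent uses

_HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def hop_ips(received_lines):
    """Return the bracketed client IPv4 of each Received header, newest hop first."""
    ips = []
    for line in received_lines:
        m = _HOP.search(line)
        if not m:
            continue
        try:
            ips.append(str(ipaddress.IPv4Address(m.group(1))))
        except ipaddress.AddressValueError:
            continue  # malformed literal such as [999.1.1.1]
    return ips


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Reverse the octets and append the zone: the name a blocklist lookup queries."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def decide(ip, listed, whitelist=WHITELIST):
    """Consult the whitelist first so a known correspondent's relay is not rejected."""
    if ip in whitelist:
        return "accept (whitelisted)"
    if dnsbl_name(ip) in listed:
        return "reject (listed)"
    return "accept"


if __name__ == "__main__":
    # Constructed stand-in for DNS answers, so the example runs offline.
    listed = {dnsbl_name("202.96.126.34"), dnsbl_name("192.0.2.10")}
    for ip in hop_ips(SAMPLE_RECEIVED) + ["192.0.2.10"]:
        print(ip, dnsbl_name(ip), decide(ip, listed))
```

A check made at SMTP connect time sees only the connecting client, which is the first entry returned by `hop_ips`; the later entries are visible only in the headers.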