I have had real good success with postfix + spamassassin for a spam tagging gateway, but a spammer is getting crafty and tacking on headers in the email. I was wondering if anyone can see an easy way of blocking these types of emails.

Return-path: <083n>
Received: from mailgw.somedomain.com ([128.1.1.242]) by mail2.somedomain.com with SMTP;
    Wed, 19 Sep 2007 08:00:22 -0400
Received: from mxhost.somedomain.com ([128.1.1.245])
    by mailgw.somedomain.com (SMSSMTP 4.1.11.41) with SMTP id M2007091908003214893
    for <dbeebe>; Wed, 19 Sep 2007 08:00:32 -0400
Received: by mxhost.somedomain.com (Postfix, from userid 12346)
    id 17DBCB404C; Wed, 19 Sep 2007 08:00:17 -0400 (EDT)
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on mxhost
X-Spam-Level: ****************************
X-Spam-Status: Yes, score=28.4 required=5.0 tests=BAYES_99,FH_FROMEML_NOTLD,
    HELO_DYNAMIC_DHCP,HTML_IMAGE_ONLY_08,HTML_IMAGE_RATIO_02,HTML_MESSAGE,
    HTML_SHORT_LINK_IMG_1,MIME_BASE64_BLANKS,MIME_QP_LONG_LINE,PART_CID_STOCK,
    RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RDNS_NONE,SPAMMY_XMAILER,
    STOCK_IMG_CTYPE,STOCK_IMG_HDR_FROM,STOCK_IMG_HTML,T_TVD_FW_GRAPHIC_ID1,
    URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,
    URIBL_WS_SURBL autolearn=spam version=3.2.3
X-Spam-Report:
    * 4.3 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
    * [score: 1.0000]
    * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
    * 1.4 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
    * 2.7 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.)
    * 0.0 T_TVD_FW_GRAPHIC_ID1 BODY: T_TVD_FW_GRAPHIC_ID1
    * 0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * 1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
    * 1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
    * 0.0 MIME_BASE64_BLANKS RAW: Extra blank lines in base64 encoding
    * 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    * [URIs: walkcompare.cn]
    * 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
    * [URIs: walkcompare.cn]
    * 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
    * [URIs: walkcompare.cn]
    * 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
    * [URIs: walkcompare.cn]
    * 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
    * [URIs: walkcompare.cn]
    * 0.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
    * [URIs: walkcompare.cn]
    * 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    * [Blocked - see <http://www.spamcop.net/bl.shtml?85.105.79.128>]
    * 0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
    * [85.105.79.128 listed in dnsbl.sorbs.net]
    * 1.6 PART_CID_STOCK Has a spammy image attachment (by Content-ID)
    * 2.3 SPAMMY_XMAILER X-Mailer string is common in spam and not in ham
    * 0.0 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
    * 0.0 STOCK_IMG_HTML Stock spam image part, with distinctive HTML
    * 0.9 STOCK_IMG_CTYPE Stock spam image part, with distinctive Content-Type
    * header
    * 0.0 STOCK_IMG_HDR_FROM Stock spam image part, with distinctive From line
Received: from dsl.static.85-105-20352.ttnet.net.tr (unknown [85.105.79.128])
    by mxhost.somedomain.com (Postfix) with ESMTP id 56667B4048
    for <dbeebe>; Wed, 19 Sep 2007 08:00:03 -0400 (EDT)
Received: from [85.105.79.128] by mx.freenet.de; Wed, 19 Sep 2007 14:00:43 +0200
From: "Leah Santos"
To: <dbeebe>
Subject: RE: Assortment update
Date: Wed, 19 Sep 2007 14:00:43 +0200
Message-ID: <01c7fab4$b47e1e90$804f6955@083n>
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="----=_NextPart_000_000E_01C7FAB4.B47E1E90"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4115
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Importance: Normal

This is a multi-part message in MIME format.

TIA for your help...

Jeff
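
Added example, not part of the original post: a check that separates the Received lines stamped by the site's own hosts from those supplied by the sender, run over the chain quoted above. It assumes the "tacked on" header is the sender-supplied Received line, that the site's relays are named under somedomain.com, and that they sit in 128.1.1.0/24 (both inferred from the sample headers); `parse_hop` and `audit_received` are illustrative names.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: Received chain from the post, abridged ("for <...>" clauses dropped).
SAMPLE = """\
Received: from mxhost.somedomain.com ([128.1.1.245])
\tby mailgw.somedomain.com (SMSSMTP 4.1.11.41) with SMTP id M2007091908003214893;
\tWed, 19 Sep 2007 08:00:32 -0400
Received: from dsl.static.85-105-20352.ttnet.net.tr (unknown [85.105.79.128])
\tby mxhost.somedomain.com (Postfix) with ESMTP id 56667B4048;
\tWed, 19 Sep 2007 08:00:03 -0400 (EDT)
Received: from [85.105.79.128] by mx.freenet.de; Wed, 19 Sep 2007 14:00:43 +0200
Subject: RE: Assortment update

body
"""

HOP_RE = re.compile(r"^(?:from\s+(?P<frm>.*?)\s+)?by\s+(?P<by>[A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hop(value):
    """Unfold one Received value; return its claimed client IP and stamping host."""
    text = " ".join(value.split())
    m = HOP_RE.match(text)
    found = IP_RE.search(m.group("frm") or "") if m else None
    try:
        ip = ipaddress.ip_address(found.group(1)) if found else None
    except ValueError:          # e.g. [999.1.1.1] in a malformed line
        ip = None
    return {"ip": ip, "by": m.group("by").lower() if m else None, "raw": text}

def audit_received(raw, our_domain="somedomain.com", trusted_net="128.1.1.0/24"):
    """Find the hop where mail entered our hosts and audit everything below it."""
    hops = [parse_hop(v) for v in message_from_string(raw).get_all("Received", [])]
    net = ipaddress.ip_network(trusted_net)      # assumption: our relays live here
    client_ip, below = None, []
    for i, hop in enumerate(hops):               # newest header first
        by = hop["by"] or ""
        if not (by == our_domain or by.endswith("." + our_domain)):
            below = hops[i:]                     # not stamped by us: unverifiable
            break
        if hop["ip"] and hop["ip"] not in net:   # our edge MTA saw an outside client
            client_ip, below = hop["ip"], hops[i + 1:]
            break
    # Below the edge, a line naming our connecting client as another MTA's client is sender-supplied.
    self_claimed = [h["raw"] for h in below if client_ip and h["ip"] == client_ip]
    return {"client_ip": str(client_ip) if client_ip else None,
            "unverified": [h["raw"] for h in below], "self_claimed": self_claimed}
```

On the sample, the only line below the edge is the `mx.freenet.de` one, and it names the same 85.105.79.128 that connected directly to mxhost, so it lands in `self_claimed`.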