I ended up blocking this by dropping text-only email (i.e. messages with no part with a content type of /text\/html/i) for this one particular recipient. The attack has since ended and I'm about to remove that special-case.
On Thu, 2012-02-09 at 14:49 -0500, David F. Skoll wrote: > The random word spams: Do they all have message IDs starting > "CHILKAT-MID" ? The three samples Michael sent me had that, > and I found this on Google: I (foolishly) didn't save a pile of samples, but the one example I had handy has that Message-ID format. I can't believe I didn't think to check the Message-ID format before. I had looked at the X-Mailer headers, and they were all random real mail client values. In other words, one might be Outlook, another one Evolution, another Thunderbird, another Eudora, etc. -- Richard
signature.asc
Description: This is a digitally signed message part
_______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang