Recently we noticed an increase in junk and discovered that it's coming from Hotmail (and to a lesser extent Yahoo).

The problem is that these spammers are smarter than the average spammer.

They don't spam flat out all the time (not to us anyway), and since the mail comes from Hotmail's servers and they use a Hotmail address "<[EMAIL PROTECTED]>", they get by Postfix and SpamAssassin quite easily.

I have not tested it, but I would imagine greylisting would fail since Hotmail's servers will do the normal thing and retry later (using the same sender address etc).

Most of what we have been getting is drugs-related junk, so I increased the scores in SpamAssassin accordingly, which has helped, but some still gets by based on different content in the messages, and obviously if they change tactics and start doing weight loss etc then it will probably get in.

We cannot block Hotmail due to valid mail coming from there. Is there a way in Postfix that could filter out this junk somehow?

Below are some examples

##########################################################

Microsoft Mail Internet Headers Version 2.0
Received: from mail.icfrith.com.au ([XXX.XXX.XXX.XXX]) by icfmail1.icfrith.com.au with Microsoft SMTPSVC(5.0.2195.6713);
            Tue, 19 Aug 2008 23:59:42 +1000
Received: from localhost (localhost.localdomain [127.0.0.1])
           by mail.icfrith.com.au (Postfix) with ESMTP id DD64D2B959
for <[EMAIL PROTECTED]>; Tue, 19 Aug 2008 23:59:43 +1000 (EST)
X-Virus-Scanned: Debian amavisd-new at icfrith.com.au
X-Spam-Score: -0.144
X-Spam-Level:
X-Spam-Status: No, score=-0.144 required=5.31 tests=[BAYES_00=-2.599,
           DCC_CHECK=2.17, DRUGS_ERECTILE=0.282, HTML_MESSAGE=0.001,
           ONLINE_PHARMACY=0.001, TVD_VISIT_PHARMA=0.001]
Received: from mail.icfrith.com.au ([127.0.0.1])
by localhost (icfsydmxg-vm.icfrith.com.au [127.0.0.1]) (amavisd-new, port 10024)
           with ESMTP id JLdoDGWcLqRX for <[EMAIL PROTECTED]>;
           Tue, 19 Aug 2008 23:59:40 +1000 (EST)
Received: from blu0-omc3-s29.blu0.hotmail.com (blu0-omc3-s29.blu0.hotmail.com [65.55.116.104])
           by mail.icfrith.com.au (Postfix) with ESMTP id 00ED62B905
           for <[EMAIL PROTECTED]>; Tue, 19 Aug 2008 23:59:34 +1000 (EST)
Received: from BLU135-W36 ([65.55.116.73]) by blu0-omc3-s29.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
            Tue, 19 Aug 2008 06:59:27 -0700
Message-ID: <[EMAIL PROTECTED]>
Content-Type: multipart/alternative;
           boundary="_605a643e-57e1-4566-b4f5-80149ef06c75_"
X-Originating-IP: [68.97.155.25]
From: Nancy Johnson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Back into the youth - only with Viagra Professional
Date: Tue, 19 Aug 2008 13:59:26 +0000
Importance: High
MIME-Version: 1.0
X-OriginalArrivalTime: 19 Aug 2008 13:59:27.0695 (UTC) FILETIME=[CB5F55F0:01C90203]
Return-Path: [EMAIL PROTECTED]

--_605a643e-57e1-4566-b4f5-80149ef06c75_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--_605a643e-57e1-4566-b4f5-80149ef06c75_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


--_605a643e-57e1-4566-b4f5-80149ef06c75_--

#################################################################

Microsoft Mail Internet Headers Version 2.0
Received: from mail.icfrith.com.au ([XXX.XXX.XXX.XXX]) by icfmail1.icfrith.com.au with Microsoft SMTPSVC(5.0.2195.6713);
            Tue, 19 Aug 2008 20:55:59 +1000
Received: from localhost (localhost.localdomain [127.0.0.1])
           by mail.icfrith.com.au (Postfix) with ESMTP id 5A7AC2B961
for <[EMAIL PROTECTED]>; Tue, 19 Aug 2008 20:56:00 +1000 (EST)
X-Virus-Scanned: Debian amavisd-new at icfrith.com.au
X-Spam-Score: 1.728
X-Spam-Level: *
X-Spam-Status: No, score=1.728 required=5.31 tests=[BAYES_50=0.001,
           DRUGS_ERECTILE=0.282, FB_CIALIS_LEO3=1.441, HTML_MESSAGE=0.001,
           SUBJECT_DRUG_GAP_C=0.003]
Received: from mail.icfrith.com.au ([127.0.0.1])
by localhost (icfsydmxg-vm.icfrith.com.au [127.0.0.1]) (amavisd-new, port 10024)
           with ESMTP id oFVqnG2CBkCi for <[EMAIL PROTECTED]>;
           Tue, 19 Aug 2008 20:55:52 +1000 (EST)
Received: from blu0-omc2-s17.blu0.hotmail.com (blu0-omc2-s17.blu0.hotmail.com [65.55.111.92])
           by mail.icfrith.com.au (Postfix) with ESMTP id 6700E2B905
           for <[EMAIL PROTECTED]>; Tue, 19 Aug 2008 20:55:45 +1000 (EST)
Received: from BLU118-W8 ([65.55.111.72]) by blu0-omc2-s17.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
            Tue, 19 Aug 2008 03:55:42 -0700
Message-ID: <[EMAIL PROTECTED]>
Content-Type: multipart/alternative;
           boundary="_de1bbbbe-6bd9-42f3-a8c2-16a3ba887632_"
X-Originating-IP: [119.141.38.224]
From: Nancy Taylor <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Amplify your sexual power with Soft Cialis.
Date: Tue, 19 Aug 2008 10:55:42 +0000
Importance: High
MIME-Version: 1.0
X-OriginalArrivalTime: 19 Aug 2008 10:55:42.0785 (UTC) FILETIME=[20039310:01C901EA]
Return-Path: [EMAIL PROTECTED]

--_de1bbbbe-6bd9-42f3-a8c2-16a3ba887632_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--_de1bbbbe-6bd9-42f3-a8c2-16a3ba887632_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


--_de1bbbbe-6bd9-42f3-a8c2-16a3ba887632_--
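
Both samples carry an X-Originating-IP header stamped by Hotmail, which differs per message while the relay stays inside hotmail.com. The sketch below is an added example, not part of the original post and not something the poster proposed: it trusts that header only when the Received line written by our own MX shows a hotmail.com relay, then builds the DNSBL query name for the client IP. The zone `dnsbl.example` and the `is_listed` callable are placeholders for whatever list and resolver you use.

```python
import email
import ipaddress
import re

# Constructed sample: header lines trimmed from the first message above.
SAMPLE = """\
Received: from blu0-omc3-s29.blu0.hotmail.com (blu0-omc3-s29.blu0.hotmail.com [65.55.116.104])
\tby mail.icfrith.com.au (Postfix) with ESMTP id 00ED62B905;
\tTue, 19 Aug 2008 23:59:34 +1000 (EST)
Received: from BLU135-W36 ([65.55.116.73]) by blu0-omc3-s29.blu0.hotmail.com
\twith Microsoft SMTPSVC(6.0.3790.3959); Tue, 19 Aug 2008 06:59:27 -0700
X-Originating-IP: [68.97.155.25]
Subject: Back into the youth - only with Viagra Professional

"""

# Postfix-style line: from <helo> (<client name> [<client ip>]) by <our host>
RELAY_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)")

def parse_ip(text):
    try:
        return ipaddress.IPv4Address(text.strip().strip("[]"))
    except ValueError:
        return None

def edge_relay(msg, our_mx):
    """Return (client name, client ip) from the Received line our MX wrote."""
    for hdr in msg.get_all("Received", []):
        m = RELAY_RE.search(" ".join(hdr.split()))
        ip = parse_ip(m.group(2)) if m else None
        # Skip loopback hops (amavisd re-injection) and lines from other hosts.
        if ip and ip.is_global and m.group(3) == our_mx:
            return m.group(1), str(ip)
    return None

def dnsbl_name(ip, zone):
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def triage(raw, our_mx, zone, is_listed):
    """Score input: the webmail client IP, but only if Hotmail really relayed it."""
    msg = email.message_from_string(raw)
    relay = edge_relay(msg, our_mx)
    if relay is None or not relay[0].endswith(".hotmail.com"):
        return {"via_hotmail": False}  # header is sender-controlled: ignore it
    ip = parse_ip(msg.get("X-Originating-IP") or "")
    query = dnsbl_name(ip, zone) if ip else None
    return {"via_hotmail": True, "relay_ip": relay[1], "client_ip": str(ip) if ip else None,
            "query": query, "listed": bool(query and is_listed(query))}
```

The result is meant to feed a score or a header tag rather than an outright reject, since valid Hotmail mail takes the same path.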






