I would take a closer look at the header and see where the originating IP is coming from, then run it against dns reports or ipcountryblocks.net to see what country it belongs to and check its fraud profile. I'll bet 99% that it is going to register on some level. If you find this to be the case, then confirm against other related spam email to see if it is foreign, and if so, spamdyke has a configuration to specifically drop certain country codes or allow them.
I am confirming this with Jake offlist.
Here is where I found this info: http://wiki.qmailtoaster.com/index.php/Spamdyke
TM
Dave


RM-24x7server.net wrote:
hi

Spam with the "mail to" and "mail from" as same email id

Using a different email server, i email from raj...@xxxxxx.com (with
different auth credentials) to raj...@xxxxxx.com (my mail server where
xxxxxx.com is hosted)

the email came thru with the following headers

###############

RFC822 Message body
Return-Path: <raj...@xxxxxx.com>
Delivered-To: raj...@xxxxxx.com
Received: (qmail 12267 invoked by uid 89); 1 May 2009 02:15:10 -0000
Received: by simscan 1.3.1 ppid: 12262, pid: 12264, t: 0.0694s
scanners: attach: 1.3.1 spam: 3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
ns1.xxxxxx.com
X-Spam-Level:
X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE,
STOX_REPLY_TYPE,TVD_SPACE_RATIO autolearn=disabled version=3.2.5
Received: from unknown (HELO ns1.yyyyy.com) (208.115.35.224)
by ns1.xxxxxx.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 1 May 2009
02:15:10 -0000
Received-SPF: fail (ns1.xxxxxx.com: SPF record at xxxxxx.com does not
designate 208.115.35.224 as permitted sender)
Received: (qmail 14831 invoked by uid 89); 1 May 2009 01:49:41 -0000
Received: by simscan 1.3.1 ppid: 14752, pid: 14790, t: 1.4497s
scanners: attach: 1.3.1
Received: from unknown (HELO inic1) (y...@yyyyy.com@59.184.138.203)
by ns1.yyyyyy.com with ESMTPA; 1 May 2009 01:49:40 -0000
Message-ID: <001e01c9ca03$40b50e90$1401a...@inic1>
From: "xxxxxx.com" <raj...@xxxxxx.com>
To: <raj...@xxxxxx.com>
Subject: xxxxxx
Date: Fri, 1 May 2009 07:49:20 +0530
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

corpmailserver



###############


Have you received this type of spam since installing spamdyke? If so,
please post the headers from an example.

Have you modified the spamdyke configuration that qtp-install-spamdyke
installed?

If not, you might try enabling reject-ip-in-cc-rdns if that's feasible
for your use. See spamdyke documentation (http://spamdyke.org) for
details.

If so, please post your spamdyke configuration.

24x7ser...@24x7server.net wrote:
hi

i have QTP with spamdyke implemented and running on my server

i read thru spamdyke configuration details but did not find anything
specific that will actually block spam mail with the "from" and "to"
address as the same but originating from an unknown server.
Can you point me as to which specific configuration will actually track
this and help me to block such mails?


by the way i found a spamassassin plugin that blocks emails where the
"mail from" is different from the "reply to" which i am posting separately
in case it is useful for somebody -- this blocks tons of email list spam
with minimal load on spamassassin.


thanks
rajesh





Simply run the qtp-install-spamdyke script, and spamdyke will be
installed for you. Be sure to update to the current QTP before doing so,
as an older version of QTP might install an older version of spamdyke,
or the older QTP might not contain the qtp-install-spamdyke script at
all. See http://wiki.qmailtoaster.com/index.php/Spamdyke for more.

There is absolutely no harm in updating QTP. It is benign in and of
itself. It's only when you run some of the QTP tools that your QMT
configuration might change.

I hope that answers your question.

24x7ser...@24x7server.net wrote:
hi

we are indeed using qmailtoaster plus (QTP)

but i would like to know which specific configuration of QTP is
related to this?

thanks
rajesh




24x7ser...@24x7server.net wrote:
hi

in spamassassin i generally whitelist specific domains

whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com
whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com
whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com

i know for sure that the emails from *...@friendlydomain.com and coming
from different ip addresses - friendlydomain.com, abc.friendlydomain.com
and xyz.friendlydomain.com are good email

what i need to do is blacklist emails from *...@friendlydomain.com if
they are NOT from friendlydomain.com, abc.friendlydomain.com and
xyz.friendlydomain.com since i know for sure that emails from
*...@friendlydomain.com will not originate from any other server.


is there a method for this?
As Jake explained, no. Spamassassin won't catch this type of spam.

Use spamdyke. There is a script in qmailtoaster-plus
(http://qtp.qmailtoaster.com) that will install it for you. It will
lighten the load on your server as well.

rajesh


FWIW, I have a user who does this periodically to save various things,
so for me it's not spam.

Are you using spamdyke? I'd be surprised if spamdyke didn't catch the
emails in question.

--
-Eric 'shubes'


---------------------------------------------------------------------------------
                 Managed Qmailtoaster servers are now available
       Visit http://qmailtoaster.com/QMTManaged.html to order yours today!

Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)

     Please visit qmailtoaster.com for the latest news, updates, and
packages.


          To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com
         For additional commands, e-mail: testing-h...@qmailtoaster.com
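
The check discussed in this thread (a message that claims a sender in your own domain but arrived from a server the domain's SPF record does not permit), as an added example that is not part of the original posts: it parses headers like the ones quoted above and flags that combination. The sample message, the domain example.com, the address 203.0.113.10 and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers posted in this thread; the
# domains and the 203.0.113.10 address are placeholders, not real values.
SAMPLE = """\
Return-Path: <user@example.com>
Delivered-To: user@example.com
Received: from unknown (HELO ns1.example.net) (203.0.113.10)
 by ns1.example.com with SMTP; 1 May 2009 02:15:10 -0000
Received-SPF: fail (ns1.example.com: SPF record at example.com does not
 designate 203.0.113.10 as permitted sender)
From: "example.com" <user@example.com>
To: <user@example.com>
Subject: test

body
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header value."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def check_self_spoof(raw, local_domains):
    """Flag mail that claims a local sender but failed SPF at our server."""
    msg = message_from_string(raw)
    env_from = domain_of(msg.get("Return-Path"))
    hdr_from = domain_of(msg.get("From"))
    # msg.get() returns the first (topmost) Received-SPF header, which is
    # the one added closest to final delivery; its first word is the result.
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    # First parenthesised IPv4 address in the topmost Received header is
    # the relay that connected to us (qmail's "(HELO x) (ip)" form).
    m = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", msg.get("Received") or "")
    claims_local = env_from in local_domains or hdr_from in local_domains
    return {
        "claims_local_sender": claims_local,
        "spf": spf,
        "relay_ip": m.group(1) if m else None,
        # Reject only the combination: local sender claimed AND SPF fail.
        "reject": claims_local and spf == "fail",
    }
```

Mail that a legitimate user sends to themselves through an authorised server gets an SPF pass and is not flagged, which covers the "save various things" case mentioned in the thread.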








