Hi Dave,
Are you suggesting that the server bigpuddle.net has been hijacked?
If so how did you come to that conclusion and what would the remedy be?
On 29/11/2010 12:17 PM, David Milholen wrote:
If you want you could drop the host(95.45.226.126) in Tcp.rules.
I would:)
I did a DNS report on all the listed domains and none of them reference back to
any of the listed domains within the email.
Looks as if a web server with an open mail service has been hijacked.
Here is the IP for the MX record for rolex.com 91.121.225.225
The one for bigpuddle.net
(0 mail.bigpuddle.net. [TTL=7200] IP=111.223.234.146 (No Glue) [TTL=6840] [AU])
here is the other from 1seabridge.com
10 mailin.rzone.de. [TTL=7200] IP=81.169.145.102 (No Glue) [TTL=1800] [DE]
Notice I ripped those from the report.
If you are using SpamAssassin then you may be able to match the Received from
header for bigpuddle.net.
All done while playing DOD:Source, jamming to favorite hard house techno and doing
some catching up on some code :)
I luv my new multiheaded system :)
--Dave
On 11/28/2010 5:57 PM, Eric Shubert wrote:
chkuser does not use badmailfrom/badmailto. chkuser simply does some sanity
checks.
badmailfrom/badmailto is part of qmail-smtpd itself (not sure if it's a patch
or not).
Does that clear things up?
On 11/28/2010 04:13 PM, Tony White wrote:
Hi Eric,
Not sure I understand your response here!
The badmailfrom is the file I am using yet
you are suggesting I use the "Deliver To"
address which I assumed was used in the Badmailto file?
Anyway here is the header...
From - Sat Nov 27 03:54:12 2010
X-Account-Key: account3
X-UIDL: 1290790248.26966.indialau.bigpuddle.net,S=3431
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path:<yejeyo1...@1seabridge.com>
Delivered-To: t...@psylon.net
Received: (qmail 26962 invoked by uid 89); 26 Nov 2010 16:50:47 -0000
Received: from unknown (HELO ?95.45.226.126?) (95.45.226.126)
by indialau.bigpuddle.net with SMTP; 26 Nov 2010 16:50:47 -0000
Received-SPF: none (indialau.bigpuddle.net: domain at 1seabridge.com
does not designate permitted sender hosts)
From: Rolex.com<no-re...@rolex.com>
To: t...@psylon.net
Subject: t...@psylon.net Rolex.com Now -71%
Mime-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
I chose the @rolex.com as it was what is seen in the logs and using
vwatchall.
Extract from log
2010-11-29 09:58:14.937637500 CHKUSER accepted sender: from <pv...@rolex.com::>
2010-11-29 10:08:20.529856500 CHKUSER accepted sender: from <vy...@rolex.com::>
As can be seen from this, chkuser is accepting the @rolex.com but
then spamdyke refuses it!
My issue is, why does chkuser accept the sender when it is in the
badmailfrom list? If chkuser denied
the connection based on the rolex.com in badmailfrom then spamdyke would
not be called.
On 29/11/2010 9:16 AM, Eric Shubert wrote:
On 11/28/2010 03:08 PM, Tony White wrote:
Hi folks,
I am trying, still, to block a number of emails in the Badmailfrom list.
Eric instigated the regex type expressions for me; the entire operation
does not seem to be working.
I have some 150 addresses in the file and none of them are blocked.
Example
....@rolex\.com$
....@ozgameshop\.com$
\.yourfreeworld\.com$
eli...@gmail\.com$
The rolex one is the primary interest as it seems to get through no
matter what I do. Is it my regex expressions or does badmailfrom/
badmailto simply not work?
thanks...
To begin with, the .* at the beginning isn't needed. It will match
that without the specification, as there is no ^ indicating the
beginning of the string.
I'm wondering, are you looking at the correct recipient address? There
are 2, one on the 'envelope' and one on the message itself. These 2
addresses don't necessarily match, and often do not with spam. On the
messages that are getting through, take a look at the "Delivered To:"
header. This is the address that badmailfrom will filter.
Is that perhaps the problem you're having?
--
David Milholen
Project Engineer
P:501-318-1300
--
best wishes
Tony White
Yea Computing Services
http://www.ycs.com.au
4 The Crescent
Yea
Victoria
Australia 3717
Telephone No's
VIC : 03 5797 3344
VIC : 03 9008 5614
TAS : 03 6107 9099
NT : 08 8921 4049
SA : 08 7123 0847
NSW : 02 8014 5547
QLD : 07 3123 6647
WA : 08 6365 2199
FAX : 03 9008 5610 (FAX2Email)
FAX : 03 5797-3288
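An added example, not part of the thread: the quoted header carries an envelope sender (Return-Path) at 1seabridge.com while the visible From: header claims rolex.com, and qmail's badmailfrom is checked against the envelope sender, so a rolex.com pattern does not fire on that message. The sketch assumes unanchored, case-insensitive matching modelled with Python's `re`; the local parts, the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header quoted in the thread; local parts
# are placeholders because the archive elides the real ones.
SAMPLE = """\
Return-Path: <sender@1seabridge.com>
Delivered-To: user@psylon.net
Received: from unknown (HELO ?95.45.226.126?) (95.45.226.126)
  by indialau.bigpuddle.net with SMTP; 26 Nov 2010 16:50:47 -0000
From: "Rolex.com" <placeholder@rolex.com>
To: user@psylon.net
Subject: Rolex.com Now -71%

(body omitted)
"""

# Patterns in the style discussed in the thread, without a leading ".*".
PATTERNS = [r"@rolex\.com$", r"\.yourfreeworld\.com$"]


def first_match(address, patterns=PATTERNS):
    """Return the first pattern that matches address, or None."""
    for pattern in patterns:
        # Assumption: unanchored, case-insensitive search; the regex dialect
        # of the qmail patch may differ from Python's.
        if re.search(pattern, address, re.IGNORECASE):
            return pattern
    return None


def explain(raw, patterns=PATTERNS):
    """Compare the envelope sender with the header From: for one message."""
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1]  # SMTP MAIL FROM
    header = parseaddr(msg.get("From", ""))[1]           # what the user sees
    return {
        "envelope_sender": envelope,
        "header_from": header,
        "envelope_hit": first_match(envelope, patterns),
        "header_hit": first_match(header, patterns),
        "from_differs": envelope.rsplit("@", 1)[-1].lower()
                        != header.rsplit("@", 1)[-1].lower(),
    }


if __name__ == "__main__":
    for key, value in explain(SAMPLE).items():
        print(f"{key}: {value}")
```

A pattern such as `\.yourfreeworld\.com$` requires a dot before the domain, so it matches senders at subdomains but not at the bare domain itself.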