How do i catch this
Hi, How do I catch these types of mails? Received: from wk-2022 [125.92.211.28] by ourdomain.com (SMTPD-8.22) id AF800E44; Wed, 01 Nov 2006 01:32:32 -0500 Received: (qmail 1474 invoked by uid 0); Wed, 1 Nov 2006 14:30:22 -) Received: from unknown (HELO evmneyumjf) (192.168.1.7) by 192.168.1.21 with SMTP; Wed, 1 Nov 2006 14:30:22 - Date: Wed, 1 Nov 2006 14:25:22 +0800 From: adam [EMAIL PROTECTED] Mime-Version: 1.0 To: [EMAIL PROTECTED] Subject: This is not shown on TV. Content-Type: multipart/mixed; boundary=---D502AA0C7D660BFD Message-Id: [EMAIL PROTECTED] X-Envelope-From:[EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on server1 X-Spam-Level: X-Spam-Status: No, score=4.0 required=4.5 tests=BAYES_80,RCVD_BY_IP, SARE_GIF_ATTACH autolearn=no version=3.0.1 X-IMail-Queuename:3f80014d1cb9; Demo: 2006-11-30 X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 460400970 X-IMail-ThreadID: 3f80014d1cb9 This is not shown on TV. Received: from w01 [211.22.72.223] by ourdomain.com (SMTPD-8.22) id A16706AC; Wed, 01 Nov 2006 00:32:23 -0500 Received: (qmail 1096 invoked by uid 0); Wed, 1 Nov 2006 13:31:11 -) Received: from unknown (HELO txsjre) (192.168.1.23) by 192.168.1.101 with SMTP; Wed, 1 Nov 2006 13:31:11 - Date: Wed, 1 Nov 2006 13:23:11 +0800 From: claudia adams [EMAIL PROTECTED] Mime-Version: 1.0 To: [EMAIL PROTECTED] Subject: Livan War real pictures. Content-Type: multipart/mixed; boundary=---C5F64F487E86CFDA Message-Id: [EMAIL PROTECTED] X-Envelope-From:[EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on server1 X-Spam-Level: X-Spam-Status: No, score=4.0 required=4.5 tests=BAYES_95,RCVD_BY_IP autolearn=no version=3.0.1 X-IMail-Queuename:3166016ef8c3; Demo: 2006-11-30 X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 460400944 X-IMail-ThreadID: 3166016ef8c3 From: claudia adams [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: Date: Wed, 1 Nov 2006 13:23:11 +0800 Subject: Livan War real pictures. Livan War real pictures. Warm Regards, Suhas System Administrator QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax India: +91 (22) 2530 - 3166 URL: http://www.qualispace.com === For Any Technical Query Please Use: http://helpdesk.qualispace.com QualiSpace Community Discussion forum: http://forum.qualispace.com
Re: How do i catch this
On Wed, November 1, 2006 09:27, Suhas \(QualiSpace\) wrote: How do I catch these types of mails? Received: from wk-2022 [125.92.211.28] by ourdomain.com Don't accept mail from non-fully-qualified HELOs ?
Re: How do i catch this
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suhas (QualiSpace) wrote: Hi, How do I catch these types of mails? Received: from wk-2022 [125.92.211.28] by ourdomain.com (SMTPD-8.22) id AF800E44; Wed, 01 Nov 2006 01:32:32 -0500 Received: (qmail 1474 invoked by uid 0); Wed, 1 Nov 2006 14:30:22 -) Received: from unknown (HELO evmneyumjf) (192.168.1.7) by 192.168.1.21 with SMTP; Wed, 1 Nov 2006 14:30:22 - Date: Wed, 1 Nov 2006 14:25:22 +0800 From: adam [EMAIL PROTECTED] http://mail.mirackle.com:8383/Xb8439bcf99989399cf9e911fc4cb/newmsg.cgi?mbx=Main[EMAIL PROTECTED] Mime-Version: 1.0 To: [EMAIL PROTECTED] Subject: This is not shown on TV. Content-Type: multipart/mixed; boundary=---D502AA0C7D660BFD Message-Id: [EMAIL PROTECTED] http://mail.mirackle.com:8383/Xb8439bcf99989399cf9e911fc4cb/newmsg.cgi?mbx=Main[EMAIL PROTECTED] X-Envelope-From:[EMAIL PROTECTED] http://mail.mirackle.com:8383/Xb8439bcf99989399cf9e911fc4cb/newmsg.cgi?mbx=Main[EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on server1 X-Spam-Level: X-Spam-Status: No, score=4.0 required=4.5 tests=BAYES_80,RCVD_BY_IP, SARE_GIF_ATTACH autolearn=no version=3.0.1 You're getting really close, I bet if you turned on network tests you'd be fine. You may also want to look into setting up DCC and/or Razor as well. HTH Alan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFSGqGE2gsBSKjZHQRAqJ5AJ4w9uOGii11hsaiweqKbIvthah3qQCcDZeD H1GXqjPxsVkVmQtqkVNXihU= =rdkQ -END PGP SIGNATURE-
RE: How do i catch this
But I am afraid of false positives. What others say on this? Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax India: +91 (22) 2530 - 3166 URL: http://www.qualispace.com === For Any Technical Query Please Use: http://helpdesk.qualispace.com QualiSpace Community Discussion forum: http://forum.qualispace.com -Original Message- From: Duncan Hill [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 01, 2006 3:06 PM To: users@spamassassin.apache.org Subject: Re: How do i catch this On Wed, November 1, 2006 09:27, Suhas \(QualiSpace\) wrote: How do I catch these types of mails? Received: from wk-2022 [125.92.211.28] by ourdomain.com Don't accept mail from non-fully-qualified HELOs ?
RE: How do i catch this
Title: RE: How do i catch this The FPs are more. I did observe some genuine newsltters coming from such IPs. ~Chaitu From: Suhas (QualiSpace) [mailto:[EMAIL PROTECTED]Sent: Wed 11/1/2006 3:43 PMTo: 'Duncan Hill'Cc: users@spamassassin.apache.orgSubject: RE: How do i catch this But I am afraid of false positives. What others say on this?Warm Regards,SuhasSystem AdminQualiSpace - A QuantumPages Enterprise===Tel India: +91 (22) 6792 - 1480Tel US: +1 (614) 827 - 1224Fax India: +91 (22) 2530 - 3166URL: http://www.qualispace.com===For Any Technical Query Please Use: http://helpdesk.qualispace.comQualiSpace Community Discussion forum: http://forum.qualispace.com-Original Message-From: Duncan Hill [mailto:[EMAIL PROTECTED]]Sent: Wednesday, November 01, 2006 3:06 PMTo: users@spamassassin.apache.orgSubject: Re: How do i catch thisOn Wed, November 1, 2006 09:27, Suhas \(QualiSpace\) wrote: How do I catch these types of mails? Received: from wk-2022 [125.92.211.28] by ourdomain.comDon't accept mail from non-fully-qualified HELOs ?
RE: How do i catch this
On Wed, 1 Nov 2006, Suhas (QualiSpace) wrote: But I am afraid of false positives. What others say on this? We reject mail from non-fqdn HELOs and have had, thus far, one FP. The one FP we had was a mailing list sent out by someone who was a spammer in his spare time, and he just used the same (misconfigured) spamming software to send out his legitimate mailing lists. If someone can't properly identify themselves to your server, tell 'em to pound sand. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University
