Re: Weirdsvill
On Saturday 14 April 2007, Bart Schaefer wrote: >On 4/13/07, Gene Heskett <[EMAIL PROTECTED]> wrote: >> Now, I *think* I have that X-Originating-Ip: 193.93.97.195 in my >> .procmailrc, but it didn't fire. Odd... > >Is that rule before or after the point at which you run the message >through spamassassin? > >If after, it probably ddin't fire because spamassassin moved it out of >the top-level message header. You'd have to be looking for >X-Originating-IP in the body, then. Actually, the syntax was wrong, it turns out that you do NOT have to backslash escape the ] character. Once I'd gone thru procmailrc and fixed all of those, quite a few of my mailing lists disappeared, seems 5 or 6 of the addresses I'd snagged, were YahooGroup's mailing list servers. But the surprising thing that came out is that vger.kernel.org is apparently an alias to mailbag1.bizmailsrvcs.net & mailbag2.bizmailsrvcs.net and I get a whole bargeload of spam for viagra and penny stocks that are going to just explode from those 2 servers. Even a 419 from time to time. Ya win some, and ya lose some... -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) "Go to Heaven for the climate, Hell for the company." -- Mark Twain
Re: Weirdsvill
On 4/13/07, Gene Heskett <[EMAIL PROTECTED]> wrote: Now, I *think* I have that X-Originating-Ip: 193.93.97.195 in my .procmailrc, but it didn't fire. Odd... Is that rule before or after the point at which you run the message through spamassassin? If after, it probably ddin't fire because spamassassin moved it out of the top-level message header. You'd have to be looking for X-Originating-IP in the body, then.
Re: Weirdsvill
On Friday 13 April 2007, Bart Schaefer wrote: >On 4/13/07, Gene Heskett <[EMAIL PROTECTED]> wrote: >> The trail starts at localhost! HTF did they do that? > >You're looking at the header of the wrapper message created by >spamassassin, not at the header of the actual spam (which will be >inside a message/rfc822 body part of the message created by >spamassassin). That would be this I'd assume? == Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: from mail.wdtv.com [66.118.68.18] by coyote.coyote.den with POP3 (fetchmail-6.3.6) for <[EMAIL PROTECTED]> (single-drop); Fri, 13 Apr 2007 10:58:46 -0400 (EDT) Received: (qmail 16569 invoked by uid 508); 13 Apr 2007 10:57:59 -0400 Delivered-To: [EMAIL PROTECTED] Received: (qmail 16563 invoked by uid 509); 13 Apr 2007 10:57:59 -0400 Received: from 205.158.62.182 by mail.wdtv.com (envelope-from <[EMAIL PROTECTED]>, uid 508) with qmail-scanner-2.01 (clamdscan: 0.88.7/2478. spamassassin: 3.1.7. Clear:RC:0(205.158.62.182):SA:0(2.1/4.0):. Processed in 2.276218 secs); 13 Apr 2007 14:57:59 - X-False-Spam-Status: No, score=2.1 required=4.0 X-False-Spam-Level: ++ Received: from ws1-6.us4.outblaze.com (205.158.62.182) by mail.wdtv.com with SMTP; 13 Apr 2007 10:57:57 -0400 Received: by ws1-6.us4.outblaze.com (Postfix, from userid 1001) id BDE961CE597; Fri, 13 Apr 2007 14:57:49 + (GMT) Content-Transfer-Encoding: 7bit Content-Type: multipart/alternative; boundary="_--=_1176476269149382" MIME-Version: 1.0 From: "Dr Phil Hodkinson" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Fri, 13 Apr 2007 09:57:49 -0500 Subject: Greetings From Group Finance Director Received: from [193.93.97.195] by ws1-6.us4.outblaze.com with http for [EMAIL PROTECTED]; Fri, 13 Apr 2007 09:57:49 -0500 X-Originating-Ip: 193.93.97.195 X-Originating-Server: ws1-6.us4.outblaze.com Message-Id: <[EMAIL PROTECTED]> X-procmail: user=gene X-Nasty: Aren't we? Greetings From Group Finance Director H.B.O.S Plc Edinburgh EH3 9PE websit:www.hbosplc.com === Now, I *think* I have that X-Originating-Ip: 193.93.97.195 in my .procmailrc, but it didn't fire. Odd... -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) It is better to kiss an avocado than to get in a fight with an aardvark.
Re: Weirdsvill
On 4/13/07, Gene Heskett <[EMAIL PROTECTED]> wrote: The trail starts at localhost! HTF did they do that? You're looking at the header of the wrapper message created by spamassassin, not at the header of the actual spam (which will be inside a message/rfc822 body part of the message created by spamassassin).
