Am 2008-06-29 10:55:19, schrieb thadcoco:
> I just tried, but it doesn't work either. Recall that the nasty IP is
> wrapped as part of an attachment. I need to be able to scan the entire raw
> message with either SA or I suppose procmail.
Don't be to complicate and EGREP the BODY for it:
:0B
Am 2008-06-29 07:07:58, schrieb thadcoco:
> servers. Virtually all these emails are being sent from a zombie at a single
> IP.
OK
> i.e.: All the messages contain the following line somewhere within:
> Received: from d04m-89-83-98-193.d4.club-internet.fr ([89.83.98.193])
>
> I can't figure out
this message in context:
http://www.nabble.com/Being-Buried-In-Returned-Email---Need-To-Mark-Certain-IPs-tp18181167p18181167.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
)
Thanks!
Thad
--
View this message in context:
http://www.nabble.com/Being-Buried-In-Returned-Email---Need-To-Mark-Certain-IPs-tp18181167p18187451.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Hi!
You can even drop the IP with a route command.
Do: route add -host reject
Not if the IP address you want to block is several MTA relay hops
removed from you.
Ok. I think i missed that ;)
Bye,
Raymond.
On Sun, 2008-06-29 at 20:44 +0200, Raymond Dijkxhoorn wrote:
> >> And exactly why dont you block those on your MTA? Bit waste on CPU cycles
> >> like this... first process then, and then trash it anyway.
>
> > Well, mostly because I don't have any idea how to do so at the MTA level
> > and also
On Sun, 2008-06-29 at 10:55 -0700, thadcoco wrote:
> While if I can make this work at the procmail level, I would think it would
> be better to use SA, because rules can be tested more easily using --lint.
> Thoughts?
Where you do it depends on what tool chain you're using. Since you want
to dis
thadcoco wrote:
Hi All,
My server CentOS 4, Sendmail, MailScanner (SA & ClamAV) is being buried by
spoofed emails that are bounced back to my domain by the recipient's
servers. Virtually all these emails are being sent from a zombie at a single
IP.
i.e.: All the messages contain the following
Hi!
And exactly why dont you block those on your MTA? Bit waste on CPU cycles
like this... first process then, and then trash it anyway.
Well, mostly because I don't have any idea how to do so at the MTA level
and also I would think it would be harder to add other offending IPs in
the future
MTA level and
also I would think it would be harder to add other offending IPs in the
future.
--
View this message in context:
http://www.nabble.com/Being-Buried-In-Returned-Email---Need-To-Mark-Certain-IPs-tp18181167p18183661.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
-
View this message in context:
http://www.nabble.com/Being-Buried-In-Returned-Email---Need-To-Mark-Certain-IPs-tp18181167p18183545.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Hi!
i.e.: All the messages contain the following line somewhere within:
Received: from d04m-89-83-98-193.d4.club-internet.fr ([89.83.98.193])
I can't figure out how to mark any messages that originally sourced from
that IP so that that can be dropped by Procmail (that approach would appears
to
ibly masking the headers
from SA which then makes my rules all fail.
I had even considered killing any and all email that are bounces, but then
no one on my server would ever know if a legit email they sent got
bounced...
Thanks!
Thad
--
View this message in context:
http://www.nabble.com/Be
--On Sunday, June 29, 2008 7:07 AM -0700 thadcoco <[EMAIL PROTECTED]>
wrote:
i.e.: All the messages contain the following line somewhere within:
Received: from d04m-89-83-98-193.d4.club-internet.fr ([89.83.98.193])
I can't figure out how to mark any messages that originally sourced from
th
> On Sun, 29 Jun 2008 07:07:58 -0700 (PDT), thadcoco
> <[EMAIL PROTECTED]> wrote:
>
>
> Can you not block them at your router or firewall? Then
> they are not taking up threads either. It's how I deal
> with heavy hitters.
>
> Nigel
I understood that the d04m-89-83-98-193.d4.club-internet.fr
On Sun, 29 Jun 2008 07:07:58 -0700 (PDT), thadcoco
<[EMAIL PROTECTED]> wrote:
>
>Hi All,
>
>My server CentOS 4, Sendmail, MailScanner (SA & ClamAV) is being buried by
>spoofed emails that are bounced back to my domain by the recipient's
>servers. Virtually all these emails are being sent from a zo
In postfix I have /etc/postfix/header_checks
/x.x.x.x/DROP
I'm sure sendmail has something similar?
thadcoco wrote:
Hi All,
My server CentOS 4, Sendmail, MailScanner (SA & ClamAV) is being buried by
spoofed emails that are bounced back to my domain by the recipient's
servers. Virtually
_SPAMMER Received =~ /89\-83\-98\-193/
describe ANNOYING_SPAMMER Mark mail touched by specific IP as spam
score ANNOYING_SPAMMER 15
---
--
View this message in context:
http://www.nabble.com/Being-Buried-In-Returned-Email---Need-To-Mark-Certain-IPs-tp18181167p18181167.html
Sent from
18 matches
Mail list logo
