Thanks Dave,  I guess I didn't think about looking in the RBL list.

I remember seeing somewhere a long list of blacklisted servers that someone was 
maintaining also, but I can't seem to find it again.  Was that here and does anyone 
know where it is???

Thanks again,
J.

-----Original Message-----
From: David B Funk [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 1:25 AM
To: Jeff Funk
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Any ideas????


On Thu, 18 Sep 2003, Jeff Funk wrote:

> The header below is from an e-mail that seems to get through sa repeatedly on our 
> Communigate server.  There's no evidence that it's being scanned by sa at all.  Is 
> there something I'm missing here????
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from bandoog.com ([209.83.8.50]) by mail.farin.com with Microsoft 
> SMTPSVC(5.0.2195.5329);
>        Thu, 18 Sep 2003 00:40:43 -0500
> Received: from [218.75.22.22] (HELO 209.83.8.50)
>   by bandoog.com (CommuniGate Pro SMTP 4.1.3)
>   with SMTP id 1325526 for [EMAIL PROTECTED]; Thu, 18 Sep 2003 00:41:08 -0500
> Received: from  [66.254.7.10] by 209.83.8.50 with ESMTP id <247056-92322>; Thu, 18 
> Sep 2003 17:31:45 -0200
> Message-ID: <[EMAIL PROTECTED]>
> From: "Carlos Wilkes" <[EMAIL PROTECTED]>
> Reply-To: "Carlos Wilkes" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Get_Diazepam_-_No_Prescription_Needed_-_chuck
> Date: Thu, 18 Sep 03 17:31:45 GMT
> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
> MIME-Version: 1.0
> Content-Type: multipart/related;
>       type="multipart/alternative";
>       boundary="0.88.2C._5F0"
> X-Priority: 1
> X-MSMail-Priority: High
> Return-Path: [EMAIL PROTECTED]
> X-OriginalArrivalTime: 18 Sep 2003 05:40:43.0603 (UTC) FILETIME=[66E88230:01C37DA7]
>
> --0.88.2C._5F0
> Content-Type: multipart/alternative;
>       boundary="0.88.2C._DD0"
>
[snip..]

That message had a number of image attachments. What was its total size?
Usual SA installations have a max message size above which they won't
process. (IE if the message is large then it is bypassed).

You could add a MIME unpacker (such as MIMEdefang or mailscanner) to
your message processing system to separate the message body from the
image attachments and then run just the message body thru SA.

I noticed that the message came from the IP address [218.75.22.22],
that's an open proxy as reported in a number of DSBLs. (10 of my
list hit it). Just add a few DSBLs as blockers to the front-end of
your CG server and not be bothered by that trash at all. ;)

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
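
The front-end DNSBL check suggested in the reply above, as an added example (not part of the original thread or any poster's code): it extracts the relay IPs from the quoted Received headers and forms the reversed-octet DNSBL query for each. The zone `dnsbl.example` and all function names are assumptions; the headers are abridged from the quoted message.

```python
import ipaddress
import re
import socket

# Constructed sample: Received lines abridged from the quoted message (newest hop first).
SAMPLE_HEADERS = """\
Received: from bandoog.com ([209.83.8.50]) by mail.farin.com with Microsoft SMTPSVC(5.0.2195.5329);
\tThu, 18 Sep 2003 00:40:43 -0500
Received: from [218.75.22.22] (HELO 209.83.8.50)
  by bandoog.com (CommuniGate Pro SMTP 4.1.3)
  with SMTP id 1325526; Thu, 18 Sep 2003 00:41:08 -0500
Received: from  [66.254.7.10] by 209.83.8.50 with ESMTP id <247056-92322>; Thu, 18 Sep 2003 17:31:45 -0200
Subject: Get_Diazepam_-_No_Prescription_Needed_-_chuck
"""

ZONES = ["dnsbl.example"]  # placeholder zone (assumption); use the lists you trust

def received_hops(raw):
    """Unfold continuation lines and return each Received value, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    return [l.split(":", 1)[1].strip() for l in unfolded.splitlines()
            if l.lower().startswith("received:")]

def peer_ip(hop):
    """Bracketed IP literal in the 'from' clause (what the receiver saw), or None."""
    from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", from_part)
    try:
        return str(ipaddress.IPv4Address(m.group(1))) if m else None
    except ValueError:  # e.g. an octet above 255
        return None

def dnsbl_name(ip, zone):
    """DNSBL convention: reverse the octets and append the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed when the name resolves into 127.0.0.0/8; a lookup failure means not listed."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except OSError:
        return False

def listed_relays(raw, zones=ZONES, resolve=socket.gethostbyname):
    """Map each relay IP in the Received chain to the zones that list it."""
    # Only hops written by servers you control are trustworthy; older ones are sender-supplied.
    ips = [ip for ip in map(peer_ip, received_hops(raw)) if ip]
    return {ip: [z for z in zones if is_listed(ip, z, resolve)] for ip in ips}
```

Pass a stub `resolve` callable to exercise the logic without DNS; with the default resolver, `listed_relays(SAMPLE_HEADERS, zones=[...])` performs live lookups.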
