I got spam like that (posted that here some time ago), all with the specific port= helo= characteristic in the header. Since there was no FP during testing I now discard them all in Postfix with:

/^Received: from \[[0-9\.]*\] \(port\=[0-9][0-9][0-9][0-9] helo\=\[[a-zA-Z]*\]\)/ DISCARD

Regards
Menno van Bennekom

> Got three of these tonight with the same trojan, SA detected the other two as
> spam, this one slipped through just a bit under the wire.
>
> ---------- Forwarded Message ----------
>
> Status: U
> Return-Path: <[EMAIL PROTECTED]>
> Received: from pop.earthlink.net [209.86.93.204]
>     by localhost with POP3 (fetchmail-6.2.5)
>     for [EMAIL PROTECTED] (single-drop); Thu, 18 Aug 2005 21:57:34 -0500 (CDT)
> Received: from pc075675.sci.gu.edu.au ([132.234.102.3])
>     by mx-bracke.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1e5X397zk3Nl34i0
>     for <[EMAIL PROTECTED]>; Thu, 18 Aug 2005 22:56:07 -0400 (EDT)
> Received: from [194.32.104.162] (port=3279 helo=qpeqz)
>     by pc075675.sci.gu.edu.au with SMTP
>     for [EMAIL PROTECTED] ; Fri, 19 Aug 2005 12:55:39 +1000
> Message-ID: <[EMAIL PROTECTED]>
> From: "Mail Administrator" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: status
> Date: Fri, 19 Aug 2005 12:42:39 +1000
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
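
An added example, not part of the original thread: a Python check of the posted header_checks pattern against the Received headers quoted above (abridged) and three constructed variants, useful before trusting a DISCARD action. Python's re stands in for Postfix's regexp table, with case-insensitive matching as in Postfix's default; the header unfolding is an approximation and the 192.0.2.x addresses and example host names are assumptions.

```python
import re

# Pattern copied verbatim from the post. Postfix regexp tables match
# case-insensitively by default, hence re.IGNORECASE.
POSTED = re.compile(
    r"^Received: from \[[0-9\.]*\] \(port\=[0-9][0-9][0-9][0-9] helo\=\[[a-zA-Z]*\]\)",
    re.IGNORECASE,
)

def logical_headers(raw):
    """Join folded continuation lines so each header is one string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.rstrip())
    return headers

def discarded_by(pattern, raw):
    """Return the logical headers that would trigger the rule."""
    return [h for h in logical_headers(raw) if pattern.search(h)]

# Abridged header block from the quoted message.
QUOTED = """\
Received: from pc075675.sci.gu.edu.au ([132.234.102.3])
\tby mx-bracke.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1e5X397zk3Nl34i0
Received: from [194.32.104.162] (port=3279 helo=qpeqz)
\tby pc075675.sci.gu.edu.au with SMTP
Subject: status
"""

# Constructed variants that probe the pattern's edges.
BRACKETED = "Received: from [192.0.2.10] (port=3279 helo=[qpeqz])\n\tby mx.example with SMTP\n"
PORT5 = "Received: from [192.0.2.10] (port=32790 helo=[qpeqz])\n"
LEGIT = "Received: from mail.example.org ([192.0.2.25])\n\tby mx.example with ESMTP\n"

if __name__ == "__main__":
    samples = [("quoted", QUOTED), ("bracketed helo", BRACKETED),
               ("5-digit port", PORT5), ("ordinary relay", LEGIT)]
    for name, sample in samples:
        print(name, "->", "DISCARD" if discarded_by(POSTED, sample) else "pass")
```

On a live system, `postmap -q` with the header text and the `regexp:` table runs the same check through Postfix's own matcher.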