On 11/07/10 23:06, Michelle Konzack wrote:
Hello John Hardin,
On 2010-07-11 08:57:39, you hacked down the following:
On Sun, 11 Jul 2010, Karsten Bräckelmann wrote:
What about providing some raw From: headers then?
+1 We need to see the headers.
----[ STDIN ]-----------------------------------------------------------
From coupond...@perezcentral.com Sun Jul 11 17:21:41 2010
Return-Path:<coupond...@perezcentral.com>
Delivered-To: linux4miche...@tamay-dogan.net
Received: from erona.perezcentral.com (erona.perezcentral.com
[::ffff:72.34.111.198])
by mail.tamay-dogan.net with esmtp; Sun, 11 Jul 2010 17:21:14 +0200
id 0002BDA9.4C39E16B.00001A98
To: linux4miche...@tamay-dogan.net
Date: Sun, 11 Jul 2010 08:20:47 -0700
From: "Coupon Dept."<CouponDeptdOS_V`CcOP
IW^GIdATOn2PbJK_/v...@perezcentral.com>
Subject: Your Complimentary Coupons
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Message-ID:<pine.lnx.4.31.030101.9935055.8720-1278861...@mail.perezcentral.com>
X-TDTools-Procmail: FILTER=FLT_weird_from, TLIST=FLT_weird_from,
WLIST=FLT_weird_from, COUNT=3
<snip>
------------------------------------------------------------------------
Thanks, Greetings and nice Day/Evening
Michelle Konzack
For me, that would be caught by dbl.spamhaus.org as a blacklisted sender
domain during the smtp connection.
$ nslookup perezcentral.com.dbl.spamhaus.org
Non-authoritative answer:
Name: perezcentral.com.dbl.spamhaus.org
Address: 127.0.1.2
For example, in Postfix add to smtpd_*_restrictions:
reject_rhsbl_sender dbl.spamhaus.org
You can also check the helo and client against dbl.spamhaus.org
reject_rhsbl_helo dbl.spamhaus.org
reject_rhsbl_client dbl.spamhaus.org
Ref: http://www.spamhaus.org/dbl/
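
The DBL lookup from the reply above, as an added example that is not part of the original posts: it takes the sender domain from an address header, builds the `<domain>.dbl.spamhaus.org` query, and separates a real listing such as 127.0.1.2 from an error answer. The function names, the stub resolver and the `.example` inputs are constructed for illustration; the error ranges (127.255.255.0/24 and 127.0.1.255) are Spamhaus's documented non-listing codes and do not come from the thread.

```python
import ipaddress
import socket
from email.utils import parseaddr

DBL_ZONE = "dbl.spamhaus.org"
LISTED_NET = ipaddress.ip_network("127.0.1.0/24")     # e.g. 127.0.1.2 in the thread
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # query refused / resolver blocked


def sender_domain(header_value):
    """Return the lower-cased domain of an address header, or None if unusable."""
    _, addr = parseaddr(header_value)
    _, sep, domain = addr.rpartition("@")
    domain = domain.strip("[]").rstrip(".").lower()
    if not sep or not domain:
        return None
    try:
        ipaddress.ip_address(domain)
        return None          # address literal: the DBL only accepts domain names
    except ValueError:
        return domain


def dbl_check(domain, resolve=socket.gethostbyname):
    """Query <domain>.dbl.spamhaus.org and classify the answer."""
    try:
        answer = resolve(f"{domain}.{DBL_ZONE}")
    except socket.gaierror:
        return ("not listed", None)   # no A record (NXDOMAIN, or the lookup failed)
    ip = ipaddress.ip_address(answer)
    if ip in ERROR_NET or answer == "127.0.1.255":
        return ("error", answer)      # an error code must never count as a listing
    if ip in LISTED_NET:
        return ("listed", answer)
    return ("unexpected", answer)


# Constructed answers so the example runs offline (hypothetical stub resolver).
SAMPLE_ANSWERS = {
    "perezcentral.com.dbl.spamhaus.org": "127.0.1.2",        # answer shown in the thread
    "blocked.example.dbl.spamhaus.org": "127.255.255.254",   # constructed error case
}


def sample_resolve(qname):
    try:
        return SAMPLE_ANSWERS[qname]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
```

Treating every returned A record as a hit is the failure mode to watch for: a resolver that Spamhaus refuses gets an error answer for every domain, and all mail would then be rejected.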