and that ip is listed on 12 blacklists. my point exactly.
you wanted to know how to block them? use the blacklists.
On 7/15/10 9:14 PM, Peter Lowish wrote:
From my mailwatch report
186.4.15.18 (Reverse Lookup Failed) (GeoIP Lookup Failed)
ID: 1OYnOW-00019S-8I
Message Headers: Received: from [186.4.15.18] (helo=ford.rzbgq.com)
by host.webone.co.nz with smtp (Exim 4.69)
(envelope-from<pers...@vivotech.com>)
id 1OYnOW-00019S-8I
for cr...@web1.co.nz; Wed, 14 Jul 2010 09:52:07 +1200
Message-ID:<downpipe_nil7jmnmbul...@vivotech.com>
Date: Tue, 13 Jul 2010 15:52:06 -0600
From: Muncil Burnash<pers...@vivotech.com>
MIME-Version: 1.0
To: Mintor Bukowiecki<cr...@web1.co.nz>
Subject: O young man, to-day, in the same position, should be
Content-Type: multipart/mixed;
boundary="--------5D3989FFQhaNktULeDGfQ2a4avs"
From:
pers...@vivotech.com
To: cr...@web1.co.nz
Subject: O young man, to-day, in the same position, should be
Size: 29.1Kb
-----
Here is the email header
Return-path:<pers...@vivotech.com>
Envelope-to: cr...@web1.co.nz
Delivery-date: Wed, 14 Jul 2010 09:52:08 +1200
Received: from [186.4.15.18] (helo=ford.rzbgq.com)
by host.webone.co.nz with smtp (Exim 4.69)
(envelope-from<pers...@vivotech.com>)
id 1OYnOW-00019S-8I
for cr...@web1.co.nz; Wed, 14 Jul 2010 09:52:07 +1200
Message-ID:<downpipe_nil7jmnmbul...@vivotech.com>
Date: Tue, 13 Jul 2010 15:52:06 -0600
From: Muncil Burnash<pers...@vivotech.com>
MIME-Version: 1.0
To: Mintor Bukowiecki<cr...@web1.co.nz>
Subject: O young man, to-day, in the same position, should be
Content-Type: multipart/mixed;
boundary="--------5D3989FFQhaNktULeDGfQ2a4avs"
X-webone-MailScanner-Information: Please contact the ISP for more
information
X-webone-MailScanner-ID: 1OYnOW-00019S-8I
X-webone-MailScanner: Found to be clean
X-webone-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
score=1.47, required 5, DCC_CHECK 1.37, RDNS_NONE 0.10)
X-webone-MailScanner-SpamScore: s
X-webone-MailScanner-From: pers...@vivotech.com
X-EsetId: C30D4C20C48D2634974D
-----Original Message-----
From: Michael Scheidell [mailto:scheid...@secnap.net]
Sent: Friday, 16 July 2010 1:07 p.m.
To: users@spamassassin.apache.org
Subject: Re: png images
On 7/15/10 9:04 PM, Peter Lowish wrote:
I am wondering if someone has a rule to deal with the current spam
being sent with just a small png attachment the name of which changes
There is no text in the email, just the attachment - the subject line
is always different
reputation lists, rbl's, most of that? isn't it coming from zombie
dialups anyway?
Thanks
Peter
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________