Date:      Thu, 5 Dec 2002 19:41:08 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-chat@FreeBSD.ORG
Subject:   Re: Mail Insanity
Message-ID:  <20021205194108.GA94487@happy-idiot-talk.infracaninophi>
In-Reply-To: <02bb01c29c85$c0c5ff20$fa00a8c0@DaleCoportable>
References:  <3DEF75D7.9040401@centtech.com> <20021205173228.GA93795@happy-idiot-talk.infracaninophi> <02bb01c29c85$c0c5ff20$fa00a8c0@DaleCoportable>

On Thu, Dec 05, 2002 at 11:42:57AM -0600, Kevin D. Kinsey, DaleCo, S.P. wrote:

> Matt, it appears that RFC 931 is not gonna catch these....check out
> 'envelope from'

Yeah.  On reflection, I think most spammers have been taught to use
registered IP addresses.  However...

> Received: from 200.171.46.76 (200-171-46-76.terra.com.br
> [200.171.46.76] (may be forged))
>  by ezekiel.daleco.biz (8.12.6/8.12.3) with SMTP id gB5AiQj0014526
>  for <kdk@csbc-lamar.org>; Thu, 5 Dec 2002 04:44:38 -0600 (CST)
>  (envelope-from squvacs695@acscorp.com)

200.171.46.76 is listed in relays.osirusoft.com --- SpamAssassin
should give it a lot of zap points based on that...

> Message-Id: <200212051044.gB5AiQj0014526@ezekiel.daleco.biz>
> Received: from 152.74.145.157 ([152.74.145.157]) by hd.regsoft.net
> with esmtp; Dec, 05 2002 5:22:35 AM -0800
> Received: from [159.218.252.32] by n7.groups.yahoo.com with SMTP;
> Dec, 05 2002 4:38:49 AM +1100
> Received: from rly-xw01.mx.aol.com ([153.196.56.114]) by
> da001d2020.lax-ca.osd.concentric.net with SMTP; Dec, 05 2002 3:39:50
> AM +0600
> Received: from unknown (164.203.204.135) by a231242.upc-a.chello.nl
> with SMTP; Dec, 05 2002 2:39:42 AM +0700

Also having Received: headers below the message ID line is a pretty
good indication of forged headers... Seeing as it's your
ezekiel.daleco.biz server that's assigned the Message-Id:, probably none
of those Received: headers mean anything.  Then there's the Subject:
line.

Alas, there is no sure-fire way of catching every bit of spam, but
this one looks like it should be a pretty easy slam-dunk for most
anti-spam software.  

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
                                                      Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
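
Added example, not part of the original message: the two header checks described above, in Python, applied to the Received: and Message-Id: lines quoted in the thread. The function name check_received_order and its result keys are assumptions made for illustration.

```python
import re
from email import message_from_string

# Header lines quoted in the message above, with the "> " quote markers removed.
SAMPLE = """\
Received: from 200.171.46.76 (200-171-46-76.terra.com.br
 [200.171.46.76] (may be forged))
 by ezekiel.daleco.biz (8.12.6/8.12.3) with SMTP id gB5AiQj0014526
 for <kdk@csbc-lamar.org>; Thu, 5 Dec 2002 04:44:38 -0600 (CST)
 (envelope-from squvacs695@acscorp.com)
Message-Id: <200212051044.gB5AiQj0014526@ezekiel.daleco.biz>
Received: from 152.74.145.157 ([152.74.145.157]) by hd.regsoft.net
 with esmtp; Dec, 05 2002 5:22:35 AM -0800
Received: from [159.218.252.32] by n7.groups.yahoo.com with SMTP;
 Dec, 05 2002 4:38:49 AM +1100
Received: from rly-xw01.mx.aol.com ([153.196.56.114]) by
 da001d2020.lax-ca.osd.concentric.net with SMTP; Dec, 05 2002 3:39:50
 AM +0600
Received: from unknown (164.203.204.135) by a231242.upc-a.chello.nl
 with SMTP; Dec, 05 2002 2:39:42 AM +0700

"""


def check_received_order(raw_headers):
    """Report the two signs discussed above for one message's headers."""
    headers = message_from_string(raw_headers).items()  # on-the-wire order
    names = [name.lower() for name, _ in headers]
    if "message-id" not in names:
        return {"assigned_by_receiver": False, "received_below": []}
    pos = names.index("message-id")
    message_id = headers[pos][1].lower()
    # Assumption: the topmost Received: was written by the receiving MTA.
    top = next((v for n, v in headers if n.lower() == "received"), "")
    hop = re.search(r"\bby\s+(\S+).*?\bid\s+([^\s;]+)", top, re.S)
    # Sign 1: the Message-Id carries that MTA's host name and queue id,
    # which is how the message concludes the receiving server assigned it.
    assigned = (hop is not None and hop.group(1).lower() in message_id
                and hop.group(2).lower() in message_id)
    # Sign 2: Received: lines sitting below that Message-Id line.
    below = [" ".join(v.split()) for n, v in headers[pos + 1:]
             if n.lower() == "received"]
    return {"assigned_by_receiver": assigned, "received_below": below}


if __name__ == "__main__":
    print(check_received_order(SAMPLE))
```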
