Date: Thu, 5 Dec 2002 19:41:08 +0000
From: Matthew Seaman
To: freebsd-chat@FreeBSD.ORG
Subject: Re: Mail Insanity

On Thu, Dec 05, 2002 at 11:42:57AM -0600, Kevin D. Kinsey, DaleCo, S.P. wrote:

> Matt, it appears that RFC 931 is not gonna catch these....check out
> 'envelope from'

Yeah. On reflection, I think most spammers have been taught to use
registered IP addresses. However...

> Received: from 200.171.46.76 (200-171-46-76.terra.com.br
> [200.171.46.76] (may be forged))
> by ezekiel.daleco.biz (8.12.6/8.12.3) with SMTP id gB5AiQj0014526
> for ; Thu, 5 Dec 2002 04:44:38 -0600 (CST)
> (envelope-from squvacs695@acscorp.com)

200.171.46.76 is listed in relays.osirusoft.com --- Spamassassin
should give it a lot of zap points based on that...

> Message-Id: <200212051044.gB5AiQj0014526@ezekiel.daleco.biz>
> Received: from 152.74.145.157 ([152.74.145.157]) by hd.regsoft.net
> with esmtp; Dec, 05 2002 5:22:35 AM -0800
> Received: from [159.218.252.32] by n7.groups.yahoo.com with SMTP;
> Dec, 05 2002 4:38:49 AM +1100
> Received: from rly-xw01.mx.aol.com ([153.196.56.114]) by
> da001d2020.lax-ca.osd.concentric.net with SMTP; Dec, 05 2002 3:39:50
> AM +0600
> Received: from unknown (164.203.204.135) by a231242.upc-a.chello.nl
> with SMTP; Dec, 05 2002 2:39:42 AM +0700

Also having Received: headers below the message ID line is a pretty
good indication of forged headers... Seeing as it's your
ezekiel.daleco.biz server that's assigned the Message-Id:, probably
none of those Received: headers mean anything. Then there's the
Subject: line.

Alas, there is no sure-fire way of catching every bit of spam, but
this one looks like it should be a pretty easy slam-dunk for most
anti-spam software.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
Tel: +44 1628 476614
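
The header-order check described in the message above, as an added example that is not part of the original post: it lists the Received: headers that sit below Message-Id: and tests whether the Message-Id: host is the same host that stamped the topmost Received: line. The sample headers, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the receiving host (mx.example.org) stamped the top
# Received: and the Message-Id:; the lines below came from the sending client.
SAMPLE = """\
Received: from 192.0.2.76 (host76.example.net [192.0.2.76] (may be forged))
\tby mx.example.org (8.12.6/8.12.3) with SMTP id gB5AiQj0000001;
\tThu, 5 Dec 2002 04:44:38 -0600 (CST)
Message-Id: <200212051044.gB5AiQj0000001@mx.example.org>
Received: from 198.51.100.157 ([198.51.100.157]) by relay-a.example.com
\twith esmtp; Dec, 05 2002 5:22:35 AM -0800
Received: from [203.0.113.32] by relay-b.example.com with SMTP;
\tDec, 05 2002 4:38:49 AM +1100
Subject: constructed test message

body
"""

def received_by(value):
    """Return the host named after 'by' in a Received: value, or None."""
    m = re.search(r"\bby\s+([A-Za-z0-9.-]+)", value)
    return m.group(1).lower() if m else None

def check_headers(raw):
    """Flag Received: headers that sit below the Message-Id: line."""
    headers = message_from_string(raw).items()  # list, in wire order
    names = [name.lower() for name, _ in headers]
    if "message-id" not in names:
        return {"below": [], "id_set_by_receiver": False}
    idx = names.index("message-id")
    below = [received_by(v) for n, v in headers[idx + 1:]
             if n.lower() == "received"]
    above = [received_by(v) for n, v in headers[:idx]
             if n.lower() == "received"]
    id_host = headers[idx][1].strip().strip("<>").rpartition("@")[2].lower()
    # If the host that stamped the topmost Received: also minted the
    # Message-Id:, every Received: below it was supplied by the sender.
    return {"below": below,
            "id_set_by_receiver": bool(above) and above[0] == id_host}

if __name__ == "__main__":
    print(check_headers(SAMPLE))
```
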