Andy, Habeas has not been compromised.  Since Saturday, a spammer has been
using the Habeas "warrant" in the headers to get his junk past
configurations like yours.

This header text is easy to insert.  Note that the X-Mailer: header is also
being faked.  Each of the spams I've seen like this has come through a
"zombie" on a consumer broadband computer, and is advertising one of three
domain names.

The general consensus is that you shouldn't WHITELIST on any easily forged
text, including the Habeas warrant.  Check the archive in the last few days
for this list for more discussion and sample configurations that have been
shared.

http://www.mail-archive.com/[EMAIL PROTECTED]/

Andrew 8)

-----Original Message-----
From: andyb [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 13, 2004 10:13 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] whitelisted


Hi,

I'm getting spam, and it is being whitelisted because of HABEAS...  Here are
the headers.

These emails are definitely spam.  Looks like HABEAS has been compromised?

Comments Please.

thanks, Andy

Received: from cs78191007.pp.htv.fi [62.78.191.7] by thumpernet.com
  (SMTPD32-6.06) id A0E113013E; Tue, 13 Jan 2004 12:54:41 -0500
Received: from 240.80.76.18 by 81.218.114.4; Tue, 13 Jan 2004 03:42:04 -0200
Message-ID: <[EMAIL PROTECTED]>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
From: "Blaine Shaffer" <[EMAIL PROTECTED]>
Reply-To: "Blaine Shaffer" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: GOT Valī(u)m, Viagr@, X(a)[EMAIL PROTECTED], Som@ Di3t Pills Many M3ds Y5iov
Date: Tue, 13 Jan 2004 04:49:04 -0100
X-Mailer: NetJunction (NetJunction 5.0-p1)/MIME
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--891940459175399"
X-Priority: 5
X-Declude-Sender: [EMAIL PROTECTED] [62.78.191.7]
X-RBL-Warning: Total weight: 0
X-Note: Total spam weight of this E-mail is 0.
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: Whitelisted [0]
X-RCPT-TO: <[EMAIL PROTECTED]>
X-UIDL: 370486507
Status: U



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
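
Added example, not part of the original thread and not Declude's own code: a small scorer showing why whitelisting on the forgeable X-Habeas-SWE header text lets the quoted spam through at weight 0, while treating the mark as one weighted signal still holds it. The two tests, their weights, the credit, the HOLD_AT threshold and the example.test names are assumptions made for illustration; the sample headers are constructed from the ones quoted above.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the quoted headers; example.test is a placeholder.
SAMPLE = """\
Received: from cs78191007.pp.htv.fi [62.78.191.7] by mx.example.test; Tue, 13 Jan 2004 12:54:41 -0500
Received: from 240.80.76.18 by 81.218.114.4; Tue, 13 Jan 2004 03:42:04 -0200
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
From: "Sender" <sender@example.test>
Subject: GOT Viagr@, Som@ Di3t Pills Many M3ds
X-Mailer: NetJunction (NetJunction 5.0-p1)/MIME

body
"""
HOLD_AT = 10  # hypothetical hold threshold

def has_habeas_mark(msg):
    # Pure header text: anyone can type it, so it proves nothing about the sender.
    return any(k.lower().startswith("x-habeas-swe-") for k in msg.keys())

def content_weight(msg):
    # Two hypothetical tests with made-up weights.
    weight = 0
    # 2 points per Subject word that mixes letters with digits or '@'.
    for word in re.split(r"[\s,]+", msg.get("Subject", "")):
        if re.search(r"[A-Za-z]", word) and re.search(r"[0-9@]", word):
            weight += 2
    # 6 points per Received hop claiming a reserved source (240.0.0.0/4).
    for hop in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\d{1,3}(?:\.\d{1,3}){3})\s", hop)
        try:
            if m and ipaddress.ip_address(m.group(1)).is_reserved:
                weight += 6
        except ValueError:
            pass  # not a valid dotted quad
    return weight

def whitelist_policy(msg):
    # Weak: the mark short-circuits every other test.
    return 0 if has_habeas_mark(msg) else content_weight(msg)

def weighted_policy(msg, credit=3):
    # Corrected: the mark earns at most a small credit; all tests still run.
    w = content_weight(msg)
    return max(0, w - credit) if has_habeas_mark(msg) else w

msg = message_from_string(SAMPLE)
print(whitelist_policy(msg), weighted_policy(msg), HOLD_AT)
```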