søn, 21.08.2005 kl. 12.03 skrev [EMAIL PROTECTED]:
> >> > According to the auto-ignore I just got from msn.com, it looks like they
> >> > will be ignoring complaints about spaces msn com spam because it doesn't
> >> > originate from an msn.com email address:
> >>
> >> This seams to be a common approach today from the MS mail providers.
> >> Just got
> >> the reply below for a complaint about some spam from a hotmail server
> >> (bay5-f13.bay5.hotmail.com [65.54.173.13]) without a hotmail address as
> >> envelope sender :
> >>
> >> "Unfortunately, we cannot take action on the mail you sent us
> >> because it does
> >> not reference a Hotmail account. Please send us another message that
> >> contains
> >> the full Hotmail e-mail address and the full e-mail message to:
> >> [EMAIL PROTECTED]"
> >>
> >> I guess i should block the whole *.hotmail.com crap anyway...
> >
> > That would be stupid.
> >
> > Get yourself a proper MTA, such as Postfix 2.1.x or more recent. If you
> > already have it and are using it, learn to configure it. My site,
> > mail.barlaeus.nl (1150+ users, Postfix 2.1.5), using gld greylisting
> > *and* recent amavisd-new for AV, gets masses of Hotmail stuff,
> > obviously.
>
> We are using Postfix 2.2.5, some RBLs, greylisting and no, *content-filtering*
> is not a additional option. Furthermore in europe nearly no one which uses
> e-mail for serious purposes would use a hotmail account.
>
> >
> > If you want to reject spam from hotmail addresses, they should
> > definitely have a hotmail envelope sender address.
>
> They should but, they did not (see below). For sure from a hotmail server, but
> with no hotmail envelope sender. It seams that the hotmail abuse desk
> is on the
> same track refusing to believe what they don't want to happen.
>
> Received: from hotmail.com (bay15-f1.bay15.hotmail.com [65.54.185.1])
> by mailin.kwsoft.de (Postfix) with ESMTP id 6725A51F45
> for <[EMAIL PROTECTED]>; Tue, 16 Aug 2005 04:43:54 +0200 (CEST)
> Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
> Mon, 15 Aug 2005 19:43:50 -0700
> Received: from 83.229.100.31 by by15fd.bay15.hotmail.msn.com with HTTP;
> Tue, 16 Aug 2005 02:43:50 GMT
Indeed, sorry. Seems that Hotmail relays for certain clients - my own
site doesn't get any of those. I get much mail to my users (teachers,
pupils and directors at an Amsterdam high school) and simply can't block
hotmail servers.
Ripe gives 83.229.100.31 as belonging to
inetnum: 83.229.0.0 - 83.229.127.255
org: ORG-SGN1-RIPE
netname: UK-SKYVISION-20040513
descr: PROVIDER Local Registry
descr: SkyVision Global Networks
organisation: ORG-SGN1-RIPE
org-name: SkyVision Global Networks
org-type: LIR
address: SkyVision Global Networks
Kinetic Business Centre
Theobald Street
Borehamwood
Hertfordshire WD6 4PJ
United Kingdom
phone: +44 20 8387 1750
fax-no: +44 20 8387 4004
e-mail: [EMAIL PROTECTED]
who is obviously sending you spam. harryklappas.net is a genuine domain
and is looked after by msn.com, says (BIND's) dig; complaining to
SkyVision Global Networks is obviously not going to get you anywhere -
though you could try, I suppose.
I'd use either one of two methods in such a case:
1: pcre header checks on Received: headers, which is very effective but
initially demands much work (which drops off after a while, unless
you've a large volume site). I'd reject:
/Received:\sfrom\s+83\.229\.(?:[0-1]|[0-9][0-9]|[0-9][0-9][0-9]|[0-1][0-2][0-7])\.\d{1,3}/
and whatever more of the header you want; can most probably be done far more
elegantly, but works in pcretest;
2: People on this list aren't going to love me any more for this, but
nevertheless "it works for me" and is *far* more effective: Teaching
each such spam to dspam (no, not SA ;) running in group mode (I use
dspam 3.5 as a daemon with a MySQL 4.0 backend) would be very effective
and need very little training.
--Tonni
> Message-ID: <[EMAIL PROTECTED]>
> X-Originating-IP: [83.229.100.31]
> X-Originating-Email: [EMAIL PROTECTED]
> X-Sender: [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> From: "Harry Klappas" <[EMAIL PROTECTED]>
> Subject: FOR THY LORD
> Date: Tue, 16 Aug 2005 02:43:50 +0000
> Mime-Version: 1.0
> Content-Type: text/plain; format=flowed
> X-OriginalArrivalTime: 16 Aug 2005 02:43:50.0858 (UTC)
> FILETIME=[558DA2A0:01C5A20C]
> To: undisclosed-recipients: ;
>
>
> Same problem with uk.tiscali.com btw.
--
To Liza Picquard (?), by Phil Williams on BBC Radio 5, Wed. 10th Aug.
2005, 15:59 CEST:
"What is your definition of 'poor'?"
"Well, if your only occupation is collecting dog turds for a living,
you're pretty poor ..."
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
AMaViS-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
