Oh yeah, that IP (211.241.219.3) is from Korea. I use a dnsrbl that blocks all mail from Korea. I assign it a weight of 14 (that being the weight that triggers a "DELETE" action on our mail server). The dnsrbl is korea.services.net. There are others out there. I believe that kr.rbl.cluecentral.net also works. Unless you have a reason to get a lot of mail from Korea, you probably wouldn't be silly to block it. You could always just ACL 211.0.0.0/8 in your routers, though :D (Yes, I'm evil...)

Koree

Koree A. Smith wrote:
Dan,

In a perfect BOFH world, I would just block 211.0.0.0/8 :D But, I'd say the best way to filter out that subject line would be just by using the Imail filters. It's very unlikely that a legit message would ever use that *exact* subject, so I think you'd be okay.

Koree

Dan Geiser wrote:

Hello, All,
I have a question concerning the best way to go about filtering out a
specific e-mail message. For an overview of the current state of our spam
filtering setup please see an e-mail I just sent to the list with the
subject "Where I'm At Now and Where Should I Be Going?".


OK, below I have included the headers for an e-mail that one of my users
forwarded to me.  I have removed the username...

==================================================

From <[EMAIL PROTECTED]> Fri Feb 28 00:58:23 2003

Received: from SMTP32-FWD by pagerover.com
(SMTP32) id A0000116C; Fri, 28 Feb 2003 00:58:23 -0500
Received: from mdkpower.dkpower.com [211.241.219.3] by pagerover.com with
ESMTP
(SMTPD32-6.06) id AA7C27540134; Fri, 28 Feb 2003 00:58:20 -0500
Received: from smtp0210.mail.yahoo.com ([206.169.238.250]) by
mdkpower.dkpower.com with Microsoft SMTPSVC(5.0.2195.4453);
Fri, 28 Feb 2003 15:01:02 +0900
Date: Fri, 28 Feb 2003 05:59:32 GMT
From: "mcgough "<[EMAIL PROTECTED]>
X-Priority: 3
To: <user>@pagerover.com
Subject:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Return-Path: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 28 Feb 2003 06:01:03.0063 (UTC)
FILETIME=[C651D670:01C2DEEE]
X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent
with spam [6000110f].
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam
[6000110f].
X-Declude-Sender: [EMAIL PROTECTED] [211.241.219.3]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: NOPOSTMASTER, IPNOTINMX, ROUTING, SPAMHEADERS [8]
X-UIDL: 8513
Status: R
==================================================


The current "hold weight" for PAGEROVER.COM is WEIGHT12.  Obviously the
weight of this message is substantially lower than that.

I could use my SENDERBLOCK list to block this individual sender
([EMAIL PROTECTED]) but that seems too specific a solution, i.e. a
waste of a perfectly good entry which could do so much more. And I can't go
too general and use the domain (comcast.net) because I'm sure there's much
legitimate e-mail emanating from the domain name. I know there has to be a
test built into Declude for situations like this but I'm not quite sure
where to look. Does anyone have a suggestion as to how they would handle
this situation?


All feedback is appreciated.

Thanks, Much!
Dan Geiser [EMAIL PROTECTED]

====================================================================
This E-mail is scanned and free from viruses. www.nexustechgroup.com

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
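The check discussed in this thread, as an added example that is not part of any poster's message and is not Declude's own code: it reads the connecting IP and score from the Declude headers, builds the DNSBL query name for a country zone, and recomputes the weight against the hold weight. Assumptions: the bracketed `[8]` is the message's total weight, test weights add, and an action triggers at or above its threshold; the function names and the placeholder sender address are hypothetical.

```python
import re
import socket

# Constructed sample: the two Declude headers from the post that carry the
# connecting IP and the score; the sender address is a placeholder.
HEADERS = """\
X-Declude-Sender: sender@example.invalid [211.241.219.3]
X-Spam-Tests-Failed: NOPOSTMASTER, IPNOTINMX, ROUTING, SPAMHEADERS [8]
"""

HOLD_WEIGHT = 12      # "hold weight" quoted in the post
COUNTRY_WEIGHT = 14   # weight the reply assigns to the country dnsrbl


def parse_declude(headers):
    """Return (connecting_ip, failed_tests, weight) from Declude headers."""
    ip = re.search(r"^X-Declude-Sender:.*\[(\d+\.\d+\.\d+\.\d+)\]", headers, re.M)
    tests = re.search(r"^X-Spam-Tests-Failed:\s*(.*?)\s*\[(\d+)\]", headers, re.M)
    if not ip or not tests:
        raise ValueError("Declude headers not found")
    names = [t.strip() for t in tests.group(1).split(",") if t.strip()]
    return ip.group(1), names, int(tests.group(2))


def dnsbl_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed if the name resolves into 127.0.0.0/8; a failed lookup means not listed."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except socket.gaierror:
        return False


def rescore(headers, zone, resolve=socket.gethostbyname):
    """Weight after adding the country test, and whether it reaches the hold weight."""
    ip, _tests, weight = parse_declude(headers)
    if dnsbl_listed(ip, zone, resolve):
        weight += COUNTRY_WEIGHT
    return weight, weight >= HOLD_WEIGHT
```

The `resolve` parameter defaults to a live DNS lookup; pass a stub to exercise the logic without network access.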


