Hopeful news for Sniffer users on this - Pete McNeil (per Sniffer list) is working on some new rules for these. He's waiting on tally results and could release them thereafter.
John C -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Tuesday, June 06, 2006 8:36 AM To: [email protected] Subject: RE: [Declude.JunkMail] Please take a look at this - forged mail headers? I have been receiving these numeric SPAMs since Monday morning. I have been tagging them (there is not enough there to DELETE it). This means that my DNS etc tests are running and ACTIONs are being taken. Matt pointed out that perhaps the NO ACTION bug is with a NULL sender and these numeric SPAMs have the from and to as the same address. I am running Declude 4.1.0 and IMail 8.15 Goran Jovanovic Omega Network Solutions > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John > Carter > Sent: Tuesday, June 06, 2006 8:52 AM > To: [email protected] > Subject: RE: [Declude.JunkMail] Please take a look at this - forged mail > headers? > > I'm getting the same for several days. There are few recent comments over > on the Imail forum, but nothing that clears up their purpose. > > What I find worrisome over the few weeks is the increase of all the > various spam problems. Number of Nigerian letters are way up; spam > coming through > passing most all of the tests or with very low score are up; etc. Add to > it > the recent "discovery" of spam failing Declude tests but getting NO > ACTIONS WERE TAKEN. > > John C > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave > Beckstrom > Sent: Monday, June 05, 2006 10:24 PM > To: [email protected] > Subject: [Declude.JunkMail] Please take a look at this - forged mail > headers? > > I've been receiving some strange spam today on various email addresses of > ours. Its almost like they are profiling various addresses to see if they > are working. > > The "from" and "to" addresses are the same email address and they are > valid addresses on our domain. However, it appears they are forging headers. > Can > someone take a look at these headers and tell me if its something I need > to > worry about? The body of the emails are a series of 3 to 4 numbers -- > nothing meaningful. Which is why I think we are being profiled for some > nefarious reason. The return-path, from and to address, smtp sender and > message-id all look like valid headers for our mail server. However, the > "sever name" is obviously not ours. So they aren't sending via our mail > server (we haven't been hacked) however everything else is forged. What > would be the purpose? > > Here are the headers: > > Return-Path: <[EMAIL PROTECTED]> Mon Jun 05 22:03:23 2006 > Received: from catv25.avis.ne.jp [202.247.193.25] by perseus.sixthweb.com > with SMTP; > Mon, 5 Jun 2006 22:03:23 -0500 > Date: Tue, 06 Jun 2006 11:59:17 +0900 > To: "Racing" <[EMAIL PROTECTED]> > From: "Racing" <[EMAIL PROTECTED]> > Subject: 586876 > Message-ID: <[EMAIL PROTECTED]> > MIME-Version: 1.0 > Content-Type: text/html; charset="us-ascii" > Content-Transfer-Encoding: 7bit > X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail. > X-RBL-Warning: Filter_Country: Message failed Filter_Country test (line > 110, > weight 3) > X-Note: ======================================== > X-Note: Spam Score: [4] > X-Note: Scan Time: 22:03:35 on 05 Jun 2006 > X-Note: Spool File: 30844292.EML > X-Note: Server Name: catv25.avis.ne.jp > X-Note: SMTP Sender: [EMAIL PROTECTED] > X-Note: Reverse DNS & IP: catv25.avis.ne.jp [202.247.193.25] > X-Note: Recipient(s): <fwd>[EMAIL PROTECTED] > X-Note: Country Chain: JAPAN->destination > X-Note: Failed Weights: SPFUNKNOWN [1], Filter_Country [3] > X-Note: ======================================== > X-Rcpt-To: <[EMAIL PROTECTED]> > > > --- > [This E-mail scanned for viruses by Declude Virus] > > > [This E-mail scanned for viruses by Declude EVA] > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > > > [This E-mail scanned for viruses by Declude EVA] > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. [This E-mail scanned for viruses by Declude EVA] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. [This E-mail scanned for viruses by Declude EVA] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
