-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is the syslog entry associated with this repetitive spam (based on the [EMAIL PROTECTED] message):

Oct 20 08:57:26 lapdog postfix/smtpd[9542]: connect from localhost.localdomain[127.0.0.1]
Oct 20 08:57:26 lapdog postfix/smtpd[9542]: warning: Illegal address syntax from localhost.localdomain[127.0.0.1] in MAIL command: <Received:[EMAIL PROTECTED];Oct>
Oct 20 08:57:27 lapdog postfix/smtpd[9543]: connect from localhost.localdomain[127.0.0.1]
Oct 20 08:57:27 lapdog postfix/smtpd[9543]: 6E5C86F97: client=localhost.localdomain[127.0.0.1]
Oct 20 08:57:27 lapdog postfix/cleanup[9544]: 6E5C86F97: message-id=<[EMAIL PROTECTED]>
Oct 20 08:57:27 lapdog postfix/nqmgr[1657]: 6E5C86F97: from=<[EMAIL PROTECTED]>, size=2068, nrcpt=1 (queue active)
Oct 20 08:57:27 lapdog postfix/smtpd[9543]: disconnect from localhost.localdomain[127.0.0.1]
Oct 20 08:57:28 lapdog postfix/smtpd[9542]: disconnect from localhost.localdomain[127.0.0.1]

Here is the message I see in full, separated into headers and message body:

Headers:

Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost.localdomain [127.0.0.1])
        by lapdog.ravenhome.net (Postfix) with ESMTP id 64EB36F36
        for <[EMAIL PROTECTED]>; Mon, 20 Oct 2003 09:00:30 -0400 (EDT)
X-Apparently-To: [EMAIL PROTECTED] via 216.136.173.225; Mon, 20 Oct 2003 05:57:26 -0700
Received: from pop.vip.sc5.yahoo.com [216.136.173.10]
        by localhost with POP3 (fetchmail-6.2.1)
        for [EMAIL PROTECTED] (single-drop); Mon, 20 Oct 2003 08:00:30 -0500 (EST)
Received: from 128.210.210.51 (EHLO lapdog.ravenhome.net) (128.210.210.51)
        by mta104.mail.scd.yahoo.com with SMTP; Mon, 20 Oct 2003 05:57:26 -0700
Received: from localhost (localhost.localdomain [127.0.0.1])
        by lapdog.ravenhome.net (Postfix) with SMTP id 6E5C86F97
        for <praedor>; Mon, 20 Oct 2003 08:57:27 -0400 (EDT)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="foo-mani-padme-hum-1777-1-1066654647"
Message-Id: <[EMAIL PROTECTED]>
Date: Mon, 20 Oct 2003 08:57:27 -0400 (EDT)
X-Spam-Status: No, hits=1.2 required=5.0 tests=MAILTO_TO_SPAM_ADDR,NO_REAL_NAME version=2.54
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 2.54 (1.174.2.17-2003-05-11-exp)
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

End of Headers.

Message body:

General SMTP/ESMTP error.

<here is the actual misconfigured spam file...see at bottom>

X-Apparently-To: [EMAIL PROTECTED] via 216.136.173.226; Fri, 17 Oct 2003 22:52:58 -0700
X-YahooFilteredBulk: 24.61.30.135
Received: from 24.61.30.135 (HELO 67.164.237.213) (24.61.30.135)
        by mta154.mail.scd.yahoo.com with SMTP; Fri, 17 Oct 2003 22:52:58 -0700
Received: from [177.34.196.8] by f64.law4.hotmail.com with NNFMP; Oct, 18 2003 12:36:28 AM -0200
Received: from 105.183.205.243 ([105.183.205.243]) by smtp-server1.cfl.rr.com with QMQP; Oct, 17 2003 11:27:32 PM +1200
From: uvnRuth Cawdell <[EMAIL PROTECTED]>
To: Undisclosed [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: Presription Meds givp
Sender: uvnRuth Cawdell <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Date: Sat, 18 Oct 2003 01:54:51 -0400
X-Mailer: Microsoft Outlook Build 10.0.2627

End of message body.

Here is the actual spam file contents attached to the above message:

Reporting-MTA: dns; localhost
Final-Recipient: rfc822; [EMAIL PROTECTED]
Last-Attempt-Date: Mon, 20 Oct 2003 07:57:27 -0500 (EST)
Action: failed
Status: 5.0.0
Diagnostic-Code: 501 Bad address syntax

End of misconfigured spam.

I get a new one of these every time my fetchmail daemon contacts my ISP pop mail server.

I can eliminate the messages if I add this to my /etc/procmailrc (I run it globally):

:0
* [EMAIL PROTECTED]
/dev/null

When I have tried to key off components of the message, such as "X-YahooFilteredBulk: 24.61.30.135" or variations, I still get the message. SpamAssassin doesn't catch this message as it is screwed up (it gives a 1.2/5.0, far below what would be needed to identify it as spam and get /dev/nulled by my other procmailrc recipe, which is working fine):

:0
* ^X-Spam-Status: Yes
/dev/null

As it is, EVERY time I hear the tone indicating new messages, I am absolutely certain to see more of these messages unless I /dev/null anything from fetchmail-daemon, which seems rather problematic - there may be messages from the daemon I would be interested in receiving.

praedor

On Monday 20 October 2003 05:59 am, Bryan Phinney wrote:
> On Sunday 19 October 2003 09:17 pm, Praedor Atrebates wrote:
> > I have received over 100 of these today alone. Nothing I've tried with
> > procmail recipes has worked. I cannot stop this nonsense. The from
> > address is my own fetchmail-daemon:
> > [EMAIL PROTECTED]
> >
> > I am considering having all fetchmail-daemon emails sent to dev/null but
> > fear the repercussions.
>
> You should probably try to see what the exact message is. If Fetchmail is
> encountering an error, you may need to fix the error. For instance, my
> Postfix mail server is set to reject messages with invalid From headers and
> sometimes malformed spam is sent to my ISP mailbox with just such invalid
> headers. Since the ISP mail server is not as picky, Fetchmail tries to
> deliver to Postfix which rejects the message and then Fetchmail doesn't
> delete the message because it did not receive an ack from the mail server.
> It will try to do this repeatedly until the message is cleared.
>
> If you know what is causing the problem, you can instruct Fetchmail to
> regard the error code generated by Postfix as a bounce and then Fetchmail
> will discard the message. Your message may be something similar.
>
> Why not attach a copy so that we can see it?

- --
"Our ship is in the hands of pilots who are steering directly under full sail for a rock. The whole crew may see this course to violate our liberties in full view if they look the right way."
- --Samuel Adams, 1771

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/k98JaKr9sJYeTxgRAuadAJ4mgb6MXf8xh0IInuKYMeMWKmC3QQCgq5T4
Bf6USQl1AFQz5duKionMrLY=
=5YBZ
-----END PGP SIGNATURE-----
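
Added example, not part of the original thread: a small log check for the pattern visible in the syslog excerpt above, where Postfix rejects a MAIL command from the local fetchmail client and a new message (queue id 6E5C86F97, the fetchmail-daemon report) is accepted from the same client a second later. The function names, the 5-second window and the last sample line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample input: smtpd lines from the post's syslog excerpt, plus one
# constructed later delivery (7A1B2C3D4) that must not be paired.
SAMPLE = """\
Oct 20 08:57:26 lapdog postfix/smtpd[9542]: connect from localhost.localdomain[127.0.0.1]
Oct 20 08:57:26 lapdog postfix/smtpd[9542]: warning: Illegal address syntax from localhost.localdomain[127.0.0.1] in MAIL command: <Received:[EMAIL PROTECTED];Oct>
Oct 20 08:57:27 lapdog postfix/smtpd[9543]: connect from localhost.localdomain[127.0.0.1]
Oct 20 08:57:27 lapdog postfix/smtpd[9543]: 6E5C86F97: client=localhost.localdomain[127.0.0.1]
Oct 20 09:12:40 lapdog postfix/smtpd[9701]: 7A1B2C3D4: client=localhost.localdomain[127.0.0.1]
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: (.*)$")
REJECT = re.compile(r"warning: Illegal address syntax from (\S+) in MAIL command: (.*)")
QUEUED = re.compile(r"([0-9A-F]+): client=(\S+)")

def parse_ts(text, year=2003):
    # Classic syslog timestamps carry no year; the caller supplies it.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def pair_rejects_with_bounces(log, window=timedelta(seconds=5)):
    """Return (rejected MAIL argument, queue id) for each message accepted
    from the same client within `window` after a syntax rejection."""
    pending, pairs = [], []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, rest = parse_ts(m.group(1)), m.group(2)
        if (r := REJECT.match(rest)):
            pending.append((ts, r.group(1), r.group(2)))
        elif (q := QUEUED.match(rest)):
            for rts, client, arg in pending:
                if client == q.group(2) and timedelta(0) <= ts - rts <= window:
                    pairs.append((arg, q.group(1)))
    return pairs

def rejection_counts(log):
    """Count rejections per MAIL argument; a count that grows on every
    poll points at one stuck message rather than fresh spam."""
    counts = {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        r = m and REJECT.match(m.group(2))
        if r:
            counts[r.group(2)] = counts.get(r.group(2), 0) + 1
    return counts
```

Run over a full day of mail log, a single MAIL argument with a count matching the number of fetchmail polls indicates the same message being retried, as described in the quoted reply.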