someone is using the header_check that are listed on the postfix site here's the check
/^Subject: .*ADV/!/.*Advisory/ REJECT # This exclude fixes BugTraq Advisories don -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Len Conrad Sent: Friday, January 03, 2003 12:02 PM To: [EMAIL PROTECTED] Subject: [IMGate] Fwd: Bounced message for 'imgate' WTF is this? A lot of IMGAte msgs today are bouncing with the bugtraq thingy. what's up? =================== >Date: Fri, 03 Jan 2003 20:51:59 +0100 (CET) >From: Listar <[EMAIL PROTECTED]> >To: Members flagged CCERRORS of list imgate <[EMAIL PROTECTED]> >Subject: Bounced message for 'imgate' >X-RCPT-TO: <[EMAIL PROTECTED]> > >The following error message was delivered to the bounce address >for the list 'imgate' from 'MAILER-DAEMON'. > >You are receiving this because you have the CCERRORS flag set. > >User: [EMAIL PROTECTED] > (500) host nospama.ntcom.com[216.100.52.101] said: 550 > >--------------- Error message follows ---------------------- >Return-Path: <> >Delivered-To: [EMAIL PROTECTED] >Received: by ns2.MEIway.com (Postfix) > id D56C9E916; Fri, 3 Jan 2003 20:51:55 +0100 (CET) >Date: Fri, 3 Jan 2003 20:51:55 +0100 (CET) >From: [EMAIL PROTECTED] (Mail Delivery System) >Subject: Undelivered Mail Returned to Sender >To: [EMAIL PROTECTED] >MIME-Version: 1.0 >Content-Type: multipart/report; report-type=delivery-status; > boundary="69B10E95A.1041623515/ns2.MEIway.com" >Message-Id: <[EMAIL PROTECTED]> > >This is a MIME-encapsulated message. > >--69B10E95A.1041623515/ns2.MEIway.com >Content-Description: Notification >Content-Type: text/plain > >This is the Postfix program at host ns2.MEIway.com. > >I'm sorry to have to inform you that the message returned >below could not be delivered to one or more destinations. > >For further assistance, please send mail to <postmaster> > >If you do so, please include this problem report. You can >delete your own text from the message returned below. > > The Postfix program > ><[EMAIL PROTECTED]>: host nospama.ntcom.com[216.100.52.101] said: 550 Error: # > This exclude fixes BugTraq Advisories > >--69B10E95A.1041623515/ns2.MEIway.com >Content-Description: Delivery error report >Content-Type: message/delivery-status > >Reporting-MTA: dns; ns2.MEIway.com >Arrival-Date: Fri, 3 Jan 2003 20:49:48 +0100 (CET) > >Final-Recipient: rfc822; [EMAIL PROTECTED] >Action: failed >Status: 5.0.0 >Diagnostic-Code: X-Postfix; host nospama.ntcom.com[216.100.52.101] said: 550 > Error: # This exclude fixes BugTraq Advisories > >--69B10E95A.1041623515/ns2.MEIway.com >Content-Description: Undelivered Message >Content-Type: message/rfc822 > >Received: from ns2.meiway.com (ns2.meiway.com [212.73.210.72]) > by ns2.MEIway.com (Postfix) with ESMTP > id 69B10E95A; Fri, 3 Jan 2003 20:49:48 +0100 (CET) >Received: with LISTAR (v1.0.0; list imgate); Fri, 03 Jan 2003 20:49:40 >+0100 (CET) >Delivered-To: [EMAIL PROTECTED] >Received: from VirusGate.MEIway.com (virus-gate.meiway.com [212.73.210.91]) > by ns2.MEIway.com (Postfix) with ESMTP id 77526E916 > for <[EMAIL PROTECTED]>; Fri, 3 Jan 2003 20:49:37 +0100 (CET) >Received: from localhost (localhost.meiway.com [127.0.0.1]) > by VirusGate.MEIway.com (Postfix) with SMTP id 5A84E5D009 > for <[EMAIL PROTECTED]>; Fri, 3 Jan 2003 20:51:09 +0100 (CET) >Received: from ms1.meiway.com (ms1.meiway.com [212.73.210.73]) > by VirusGate.MEIway.com (Postfix) with ESMTP id EF6FF5D008 > for <[EMAIL PROTECTED]>; Fri, 3 Jan 2003 20:51:08 +0100 (CET) >Received: from tx0-go2france-c.MEIway.com [66.64.14.18] by ms1.meiway.com >with ESMTP > (SMTPD32-6.06) id AC884C0031A; Fri, 03 Jan 2003 21:03:20 +0100 >Message-Id: <[EMAIL PROTECTED]> >X-Sender: [EMAIL PROTECTED]@ms1.meiway.com >X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 >Date: Fri, 03 Jan 2003 13:49:24 -0600 >To: [EMAIL PROTECTED] >From: Len Conrad <[EMAIL PROTECTED]> >Subject: [IMGate] Re: Yet more advise please... >In-Reply-To: <06ea01c2b35d$756b4550$[EMAIL PROTECTED]> >References: <[EMAIL PROTECTED]> >Mime-Version: 1.0 >Content-type: text/plain; charset=us-ascii >Content-Transfer-Encoding: 8bit >X-listar-version: Listar v1.0.0 >Sender: [EMAIL PROTECTED] >Errors-To: [EMAIL PROTECTED] >X-original-sender: [EMAIL PROTECTED] >Precedence: bulk >Reply-To: [EMAIL PROTECTED] >List-help: <mailto:[EMAIL PROTECTED]?Subject=help> >List-unsubscribe: ><mailto:[EMAIL PROTECTED]?subject=unsubscribe%20IMGate> >List-software: Listar version 1.0.0 >X-List-ID: IMGate users <imgate.NS2.MEIway.com> >List-subscribe: <mailto:[EMAIL PROTECTED]?subject=subscribe%20IMGate> >List-owner: <mailto:[EMAIL PROTECTED]> >List-post: <mailto:[EMAIL PROTECTED]> >List-archive: <http://www.mail-archive.com/imgate%40ns2.meiway.com/> >X-list: imgate > > > > >I'm just trying to decide what the best way to deal with this particular > >message. > >does [EMAIL PROTECTED] pass SAV? > > >Also, I was wondering why they had my brand new imgate machines listed > >in the "to:" area. > >put your imgate hostname in from_senders_mybogus.map along with all of your >domains taken from transport.map, to reject most of these forgeries. > >Len > > > >--69B10E95A.1041623515/ns2.MEIway.com-- >--------------- Error message done ------------------------- > >--- >Listar v1.0.0 - job execution complete.
