Quoting Mike Marion <[EMAIL PROTECTED]>:
The real clue that it's from forged headers is the from that was used
is usually nothing like any address I actually have locally. I do
filter * into a spam holder so I can try to catch when this happens
though.
Wow.. this made me do a quick poke in my log files to see how much
mail has fallen into that default account. Meaning that it's likely
spam backscatter bouncing... way more then I'd have thought:
=== 2006 ===
46 Dec
=== 2007 ===
30 Dec
1976 Jan
1427 Feb
859 Mar
904 Apr
402 May
1213 Jun
851 Jul
4396 Aug
1007 Sep
564 Oct
745 Nov
919 Dec
=== 2008 ===
35 Dec
1466 Jan
1100 Feb
975 Mar
134 Apr
Looking at my spam graphs I cooked up when I turned on grey-listing:
http://www.miguelito.org/spam-stats/
especially if you click on the graph to see the huge (wide) one..
grey-listing has basically lost all it's gains over the last 6-7
months. Or worse yet, there're that many spammers that realized
resending would get around grey-listing on top of the stuff that's
still just blasted out once.
Think I need to ratchet up the rules in my MX box to try to lower some
of that.
--
Mike Marion-Unix/Linux Admin-http://www.miguelito.org
Give a man a match and he'll be warm for an hour... Set him on fire
and he'll be
warm for the rest of his life
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
