Hello all! I have recently come across a few spams that I am trying to
block. The anatomy of the message probably isn't new to most of you,
but when I try to recreate the spoofed sections that I wish to filter by
hand over telnet, it's clear that I am not understanding how the messages
are being built. Example to follow below.

Note the From line is spoofed to be [email protected],
[email protected], [email protected], which appears to my users
as coming from a user in my domain. I'd like to filter against this, but
when I go into telnet and try to make a mail with a From field so
deformed, my mail server spits back "I can break things too" and quits
my connection. How can I manually recreate this spoof so that I can
learn how to filter it out?

Thanks for your pointers!

Joshua Kordani
[email protected]

X-Account-Key: account2
X-Mozilla-Keys:
Return-Path: <[email protected]>
Received: from murder ([unix socket])
    by mydomain.com (Cyrus v2.3.7-Invoca-RPM-2.3.7-2.el5) with LMTPA;
    Thu, 25 Feb 2010 11:20:39 -0500
X-Sieve: CMU Sieve 2.3
Received: from localhost (mylocalhostname [127.0.0.1])
    by mydomain.com (Postfix) with SMTP id 6C663D8863
    for <[email protected]>; Thu, 25 Feb 2010 11:20:39 -0500 (EST)
Received: from work.frailich.com (work.frailich.com [64.120.12.102])
    by mydomain.com (Postfix) with SMTP id 01F22D8854
    for <[email protected]>; Thu, 25 Feb 2010 11:20:38 -0500 (EST)
To: <[email protected]>
From: [email protected], [email protected]
Reply-To: <[email protected]>
Subject: Bathroom Remodeling Ideas
Date: Thu, 25 Feb 2010 11:20:37 -0500
MIME-Version: 1.0
Content-type: text/html
Message-Id: <[email protected]>
X-Antispam: NO; Spamcatcher 4.1.11. Score 57
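
Added example, not part of the original post: a Python check for the header pattern shown above, a From field that lists several mailboxes with no Sender header, which RFC 5322 section 3.6.2 requires whenever From holds more than one mailbox. The addresses, the `LOCAL_DOMAINS` value, the sample messages and the function name are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the domains this mail server accepts as its own.
LOCAL_DOMAINS = {"mydomain.example"}

# Constructed sample modelled on the headers in the post; addresses are placeholders.
SPOOFED = """\
To: <user@mydomain.example>
From: boss@mydomain.example, promo@bulk.example
Reply-To: <promo@bulk.example>
Subject: Bathroom Remodeling Ideas
Content-type: text/html

<html>sample body</html>
"""

# Constructed sample of an ordinary single-author message.
CLEAN = """\
To: <user@mydomain.example>
From: "Some User" <colleague@mydomain.example>
Subject: Meeting notes

See attached.
"""


def from_header_findings(raw_message, local_domains=LOCAL_DOMAINS):
    """Return the reasons a message's From header looks forged (empty list = none)."""
    msg = message_from_string(raw_message)
    from_fields = msg.get_all("From", [])
    findings = []
    if len(from_fields) != 1:
        findings.append("from-header-count=%d" % len(from_fields))
    # getaddresses splits the comma-separated mailbox list into (name, address) pairs.
    mailboxes = [addr.lower() for _, addr in getaddresses(from_fields) if "@" in addr]
    domains = {addr.rpartition("@")[2] for addr in mailboxes}
    if from_fields and not mailboxes:
        findings.append("unparseable-from")
    if len(mailboxes) > 1:
        findings.append("multiple-from-mailboxes")
        if msg.get("Sender") is None:
            # RFC 5322 3.6.2: a multi-mailbox From requires a Sender field.
            findings.append("missing-sender")
        if domains & local_domains and domains - local_domains:
            # A local address listed beside an outside one.
            findings.append("local-and-foreign-domains-mixed")
    return findings
```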