hi Spam with the "mail to" and "mail from" as same email id
Using a different email server, i email from [email protected] (with different auth credentials) to [email protected] (my mail server where xxxxxx.com is hosted) the email came thru with the following headers ############### RFC822 Message body Return-Path: <[email protected]> Delivered-To: [email protected] Received: (qmail 12267 invoked by uid 89); 1 May 2009 02:15:10 -0000 Received: by simscan 1.3.1 ppid: 12262, pid: 12264, t: 0.0694s scanners: attach: 1.3.1 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ns1.xxxxxx.com X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE, STOX_REPLY_TYPE,TVD_SPACE_RATIO autolearn=disabled version=3.2.5 Received: from unknown (HELO ns1.yyyyy.com) (208.115.35.224) by ns1.xxxxxx.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 1 May 2009 02:15:10 -0000 Received-SPF: fail (ns1.xxxxxx.com: SPF record at xxxxxx.com does not designate 208.115.35.224 as permitted sender) Received: (qmail 14831 invoked by uid 89); 1 May 2009 01:49:41 -0000 Received: by simscan 1.3.1 ppid: 14752, pid: 14790, t: 1.4497s scanners: attach: 1.3.1 Received: from unknown (HELO inic1) ([email protected]@59.184.138.203) by ns1.yyyyyy.com with ESMTPA; 1 May 2009 01:49:40 -0000 Message-ID: <001e01c9ca03$40b50e90$1401a...@inic1> From: "xxxxxx.com" <[email protected]> To: <[email protected]> Subject: xxxxxx Date: Fri, 1 May 2009 07:49:20 +0530 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 corpmailserver ############### > Have you received this type of spam since installing spamdyke? If so, > please post the headers from an example. > > Have you modified the spamdyke configuration that qtp-install-spamdyke > installed? > > If not, you might try enabling reject-ip-in-cc-rdns if that's feasible > for your use. See spamdyke documentation (http://spamdyke.org) for > details. > > If so, please post your spamdyke configuration. > > [email protected] wrote: >> hi >> >> i have QTP with spamdyke implemented and running on my server >> >> i read thru spamdyke configuration details but did not find anything >> specific that will actually block spam mail with the "from" and "to" >> address as the same but originating from a unknown server. >> Can you point me as to which specific configuration will actually track >> this and help me to block such mails? >> >> >> by the way i found a spamassassin plugin that blocks emails where the >> "mail from" different from the "reply to" which i am posting seperately >> incase it is useful for somebody -- this blocks tons of email list spam >> with minimal load on spamassassin. >> >> >> thanks >> rajesh >> >> >> >> >> >>> Simply run the qtp-install-spamdyke script, and spamdyke will be >>> installed for you. Be sure to update to the current QTP before doing >>> so, >>> as an older version of QTP might install an older version of spamdyke, >>> or the older QTP might not contain the qtp-install-spamdyke script at >>> all. See http://wiki.qmailtoaster.com/index.php/Spamdyke for more. >>> >>> There is absolutely no harm in updating QTP. It is benign in and of >>> itself. It's only when you run some of the QTP tools that your QMT >>> configuration might change. >>> >>> I hope that answers your question. >>> >>> [email protected] wrote: >>>> hi >>>> >>>> we are indeed using qmailtoaster plus (QTP) >>>> >>>> but i would like to know which specific configuration of QTP is >>>> related >>>> to >>>> this ? >>>> >>>> thanks >>>> rajesh >>>> >>>> >>>> >>>> >>>>> [email protected] wrote: >>>>>> hi >>>>>> >>>>>> in spamassassin i generally whitelist specific domains >>>>>> >>>>>> whitelist_from_rcvd *[email protected] friendlydomain.com >>>>>> whitelist_from_rcvd *[email protected] abc.friendlydomain.com >>>>>> whitelist_from_rcvd *[email protected] xyz.friendlydomain.com >>>>>> >>>>>> i know for sure that the emails from *[email protected] and coming >>>>>> from >>>>>> different ip addressess - friendlydomain.com, abc.friendlydomain.com >>>>>> and >>>>>> xyz.friendlydomain.com are good email >>>>>> >>>>>> what i need to do is blacklist emails from *[email protected] if >>>>>> they >>>>>> are NOT from friendlydomain.com, abc.friendlydomain.com and >>>>>> xyz.friendlydomain.com since i know for sure that emails from >>>>>> *[email protected] will not originate from any other server. >>>>>> >>>>>> >>>>>> is there is method for this ? >>>>> As Jake explained, no. Spamassassin won't catch this type of spam. >>>>> >>>>> Use spamdyke. There is a script in qmailtoaster-plus >>>>> (http://qtp.qmailtoaster.com) that will install it for you. It will >>>>> lighten the load on your server as well. >>>>> >>>>>> rajesh >>>>>> >>>>>> >>>>>>> FWIW, I have a user who does this periodically to save various >>>>>>> things, >>>>>>> so for me it's not spam. >>>>>>> >>>>>>> Are you using spamdyke? I'd be surprised if spamdyke didn't catch >>>>>>> the >>>>>>> emails in question. >>>>>>> >>>>> -- >>>>> -Eric 'shubes' >>> >>> -- >>> -Eric 'shubes' >>> > > > -- > -Eric 'shubes' > > > --------------------------------------------------------------------------------- > Managed Qmailtoaster servers are now available > Visit http://qmailtoaster.com/QMTManaged.html to order yours today! > > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > --------------------------------------------------------------------------------- Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
