On 2008-06-29 07:07:58, thadcoco wrote:
servers. Virtually all these emails are being sent from a zombie at a single
IP.
OK
i.e.: All the messages contain the following line somewhere within:
Received: from d04m-89-83-98-193.d4.club-internet.fr ([89.83.98.193])
I can't figure out how
On 2008-06-29 10:55:19, thadcoco wrote:
I just tried, but it doesn't work either. Recall that the nasty IP is
wrapped as part of an attachment. I need to be able to scan the entire raw
message with either SA or I suppose procmail.
Don't be too complicated and EGREP the BODY for it:
:0B
/
describe ANNOYING_SPAMMER Mark mail touched by specific IP as spam
score ANNOYING_SPAMMER 15
---
--
View this message in context:
http://www.nabble.com/Being-Buried-In-Returned-Email---Need-To-Mark-Certain-IPs-tp18181167p18181167.html
Sent from the SpamAssassin - Users mailing list
In postfix I have /etc/postfix/header_checks
/x.x.x.x/DROP
I'm sure sendmail has something similar?
thadcoco wrote:
Hi All,
My server CentOS 4, Sendmail, MailScanner (SA ClamAV) is being buried by
spoofed emails that are bounced back to my domain by the recipient's
servers. Virtually
On Sun, 29 Jun 2008 07:07:58 -0700 (PDT), thadcoco
[EMAIL PROTECTED] wrote:
Hi All,
My server CentOS 4, Sendmail, MailScanner (SA ClamAV) is being buried by
spoofed emails that are bounced back to my domain by the recipient's
servers. Virtually all these emails are being sent from a zombie at
On Sun, 29 Jun 2008 07:07:58 -0700 (PDT), thadcoco
[EMAIL PROTECTED] wrote:
Can you not block them at your router or firewall? Then
they are not taking up threads either. It's how I deal
with heavy hitters.
Nigel
I understood that the d04m-89-83-98-193.d4.club-internet.fr was the
--On Sunday, June 29, 2008 7:07 AM -0700 thadcoco [EMAIL PROTECTED]
wrote:
i.e.: All the messages contain the following line somewhere within:
Received: from d04m-89-83-98-193.d4.club-internet.fr ([89.83.98.193])
I can't figure out how to mark any messages that originally sourced from
then makes my rules all fail.
I had even considered killing any and all email that are bounces, but then
no one on my server would ever know if a legit email they sent got
bounced...
Thanks!
Thad
Hi!
i.e.: All the messages contain the following line somewhere within:
Received: from d04m-89-83-98-193.d4.club-internet.fr ([89.83.98.193])
I can't figure out how to mark any messages that originally sourced from
that IP so that that can be dropped by Procmail (that approach would appear
to
be harder to add other offending IPs in the
future.
Hi!
And exactly why don't you block those on your MTA? Bit waste on CPU cycles
like this... first process then, and then trash it anyway.
Well, mostly because I don't have any idea how to do so at the MTA level
and also I would think it would be harder to add other offending IPs in
the
thadcoco wrote:
Hi All,
My server CentOS 4, Sendmail, MailScanner (SA ClamAV) is being buried by
spoofed emails that are bounced back to my domain by the recipient's
servers. Virtually all these emails are being sent from a zombie at a single
IP.
i.e.: All the messages contain the following
On Sun, 2008-06-29 at 10:55 -0700, thadcoco wrote:
While if I can make this work at the procmail level, I would think it would
be better to use SA, because rules can be tested more easily using --lint.
Thoughts?
Where you do it depends on what tool chain you're using. Since you want
to
On Sun, 2008-06-29 at 20:44 +0200, Raymond Dijkxhoorn wrote:
And exactly why don't you block those on your MTA? Bit waste on CPU cycles
like this... first process then, and then trash it anyway.
Well, mostly because I don't have any idea how to do so at the MTA level
and also I would
Hi!
You can even drop the IP with a route command.
Do: route add -host ip reject
Not if the IP address you want to block is several MTA relay hops
removed from you.
Ok. I think I missed that ;)
Bye,
Raymond.
18 matches