My router now reads:
<admin*> = spamtrap
<[EMAIL PROTECTED]> = error
At the top of the other router entries.
Today's SIMS log reads:
13:02:19 2 SMTP-082([67.60.19.41]) {S.0000019249} received, 32484 bytes
13:02:20 5 SYSTEM Scanning {S.0000019249}
13:02:20 5 SYSTEM Line Read: P I 04-10-2003 17:01:48 0000 king-dom.org admin
13:02:20 5 SYSTEM Line Read: R W 04-10-2003 17:01:52 0000 king-dom.org karen
13:02:20 5 SYSTEM Line Read:
13:02:20 5 SYSTEM Line Read: Received: from [67.60.19.41] (HELO localhost) by king-dom.org (Stalker SMTP Server 1.8b8) with SMTP id S.0000019249 for <[EMAIL PROTECTED]>; Sat, 04 Oct 2003 13:01:55 -0400
13:02:20 5 SYSTEM Line Read: From: [EMAIL PROTECTED]
13:02:20 5 SYSTEM Line Read: To: xxxxx <[EMAIL PROTECTED]>
13:02:20 5 SYSTEM Line Read: Reply-To: [EMAIL PROTECTED]
13:02:20 5 SYSTEM Line Read: X-Mailer: The Bat! (v1.61)
13:02:20 5 SYSTEM Line Read: X-Priority: 2 (High)
13:02:20 5 SYSTEM Line Read: Subject: your account nbenafua
13:02:20 5 SYSTEM Line Read: MIME-Version: 1.0
13:02:20 5 SYSTEM Line Read: Content-Type: multipart/mixed; boundary="----------2B0B5A5E001B7C6"
13:02:20 5 SYSTEM Line Read:
13:02:20 2 SYSTEM [S.0000019249] S.0000019249 0+1 From:[EMAIL PROTECTED]
13:02:20 4 SYSTEM [S.0000019249] submitted
13:02:20 5 SYSTEM delivering to local accounts
13:02:20 5 SYSTEM [S.0000019249] OSOpen refNum=8274
13:02:20 5 SYSTEM [S.0000019249] reading: 448 bytes at 97
13:02:20 5 SYSTEM Writing 7428: 581 bytes at 0
13:02:20 5 SYSTEM [S.0000019249] reading: 31939 bytes at 545
13:02:20 5 SYSTEM Writing 7428: 31940 bytes at 581
13:02:20 4 SYSTEM [S.0000019249] stored in 'xxxxx' at 0(+0)
13:02:20 2 SYSTEM(POP) [S.0000019249] delivered to (xxxxx)
13:02:20 5 SYSTEM checking modified files
13:02:20 5 SYSTEM OSClose refNum=8274
13:02:20 2 SYSTEM [S.0000019249] deleted
13:02:20 5 SYSTEM delivering to local accounts
13:02:20 5 SYSTEM checking modified files
13:29:19 0 SYSTEM The current date is Saturday, October 4, 2003
In other words, my router entry didn't stop the spam msg (it was delivered to a user account - name xxxxx'd out above).
Is there anything else that I can try? Am I doing something wrong ... or is this spam/weasel just unstoppable??
Thanks again for everyone's help.
David
Your words of wisdom on 10/3/03:
David
It looks to me like a spammer or other weasel is simply forging the RETURN-PATH, FROM, and REPLY-TO headers on his mail using the bogus address "[EMAIL PROTECTED]". I presume since you have x-ed out the local part of the TO address that it is a real account on your system.
If you replace your "admin" router entries with the following, it should stop the weasel:
<admin*> = spamtrap
This tells the router to take any local address that starts with "admin" and spam trap it.
The ERROR routing is usually used for the domain portion of an address, as in:
*.cn = error ; chinese mail is always spam to me
-- Neil
-- "Minds, like parachutes, work only when open." -- Blue Wave
