On 07/25/2011 11:19 AM, Vaccus Spurcamen wrote: > On Mon, 2011-07-25 at 11:14 +0200, J4K wrote: >> Morning everyone, >> >> Whilst trying to debug a spammer, or potential misconfiguration in >> my SA/postfix set-up, I noticed this in the spam header: >> *Received: from 95.132.70.144(helo=xxx.co.uk) by xxx.co.uk with esmtpa >> (Exim 4.69) (envelope-from ) id 1MMY4Z-6815vh-KW for <[email protected]>; >> Mon, 25 Jul 2011 08:05:42 +020* >> >> The ESMTPA noted in the header stuck me as strange. 1) Does this mean >> that spammer authenticated with an smtp-auth username and password? > Suggests an authenticated user - nothing unusual in that, spammers > hijack accounts all the time (assuming the header is, of course, > genuine) Agreed. I don't know if the header is genuine.
The milter, with its current calling parametres, should not give it a free ride. ( I do not know whether it is or not). The -I is not configured, so it shouldn't... >> 2) Is there an SA rule that would subtract points if this is seem in a >> header ( I didn't think so)? > You could always write one. Agreed, but there no reason at the moment to re-invent the wheel, if its already been written.
_______________________________________________ Spamass-milt-list mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/spamass-milt-list
