http://bugzilla.spamassassin.org/show_bug.cgi?id=3356
Summary: Trap bogus outblaze Received lines
Product: Spamassassin
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: Rules (Eval Tests)
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
[Be gentle, my first suggested rule!]
I get a lot of spam from some mal-ware that puts bogus received lines
implicating <some domain>.mr.outblaze.com as the injection point.
[EMAIL PROTECTED] state that mr.outblaze.net is not a valid domain:
<quote>
If you are complaining about spam that apparently originates from a server in
the ".mr.outblaze.com" domain, please note that these are forged headers, and
the spam did not originate from our network or users.
Please ask your webhost / ISP / systems admin to block all mail that has the
text ".mr.outblaze.com" in any Received: email header, such as -
|Received: from finklfan.com (finklfan-com.mr.outblaze.com [205.158.62.169])
| by surfeador.com (Postfix) with ESMTP id F1ECCBB41A
| for <[EMAIL PROTECTED]>; Sun, 08 Feb 2004 08:20:35 -0500
These emails do not originate from our newtork or users. These have been forged
by the spammer. Our legal team is aware of this and we are working towards
suing the spammer once we can find who he is.
</quote>
The following rules catch this:
header MR_OUTBLAZE Received =~ /\.mr\.outblaze\.com/i
score MR_OUTBLAZE 5
describe MR_OUTBLAZE Received header attempts to frame mr.outblaze.com
This catches about a third of the spam that passes the rest of my filters.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
