Here is the complete header information that I have. I believe it is
Postfix that is creating this because of the file attached to the
message. Midco.net is a local ISP to me so if I can help clean this
stuff off their network maybe it would improve the service quality I
have at home.
thread-index: AcQ+bDCUSQODkGLGSMyQ4OyPvzTytw==
Received: from rhspam.umary.edu ([10.10.32.29]) by mail.umary.edu with
Microsoft SMTPSVC(5.0.2195.6713); Thu, 20 May 2004 08:13:06 -0500
Received: from localhost (localhost.localdomain [127.0.0.1]) by
rhspam.umary.edu (Postfix) with ESMTP id 5041D7353D for
<[EMAIL PROTECTED]>; Thu, 20 May 2004 08:13:06 -0500 (CDT)
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Content-Type: text/plain;
charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Date: Thu, 20 May 2004 08:13:06 -0500 (CDT)
From: <[EMAIL PROTECTED]>
Subject: BANNED NAME (.exe) FROM <[EMAIL PROTECTED]>[Scanned by
University of Mary Virus Scanner]
To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Return-Path: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 20 May 2004 13:13:06.0489 (UTC)
FILETIME=[3088FA90:01C43E6C]
No viruses were found.
A banned name (.exe) was found.
The mail originated from: <[EMAIL PROTECTED]>
According to the 'Received:' trace, the message originated at:
info.com (host-77-27-220-24.midco.net [24.220.27.77])
The message WAS NOT delivered to:
<[EMAIL PROTECTED]>:
550 5.7.1 Message content rejected, id=08719-01 - BANNED: .exe
The message has been quarantined as:
/var/virusmails/virus-20040520-081306-08719-01
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <[EMAIL PROTECTED]>
Received: from info.com (host-77-27-220-24.midco.net [24.220.27.77])
by rhspam.umary.edu (Postfix) with SMTP id 7A71973523;
Thu, 20 May 2004 08:12:59 -0500 (CDT)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 20 May 2004 12:39:59 UTC
Subject: FwD: Mailing Error (3291)
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="======f4a54824ef4b.5e238"
Content-Transfer-Encoding: 7bit
-------------------------- END HEADERS ------------------------------
Dale
-----Original Message-----
From: Kevin Peuhkurinen [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 9:39 AM
To: Dale Haman
Cc: [EMAIL PROTECTED]
Subject: Re: How to interpret rejected message[Scanned by University of
Mary Virus Scanner]
The only received headers you can trust are the ones that say that they
were received by a machine that is in your control. Any others can be
forged. You also want to believe only the IP address and possibly the
reverse DNS lookup provided by your mail server, as the name provided in
the HELO can be forged as well.
Although you haven't provided entire header lines here, in your example
it looks like the mail originated from 24.220.xx.xx which has the
reverse DNS name of host-xx-xx-220-24.midco.net which is a dynamic
address hosted by the ISP midco.net.
Dale Haman wrote:
>Forgive me if this is not the right list for this. I am fairly new to SA
>and linux email in general. My question is how to interpret a rejected
>message like this section for instance:
>
>The mail originated from: <[EMAIL PROTECTED]>
>
>According to the 'Received:' trace, the message originated at:
> info.com (host-XX-XX-220-24.midco.net [24.220.XX.XX])
>
>Which one did it actually come from? Hotmail or Midco.net? I have
>received many of these with several different " The mail originated
>from:" but the " According to the 'Received:' trace" is from the same
>address. Do I believe the originated from or the trace?
>
>I am running the configuration from this site:
>http://www.geocities.com/scottlhenderson/spamfilter.html
>
>postfix
>amavisd-new
>SpamAssassin (aka "SA")
>Razor
>
>
>Thanks for your help.
>Dale
>
>
>
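The rule from Kevin's reply, as an added example that is not part of the original thread: walk the Received headers newest-first, trust only hops recorded by hosts you control, and report the first external IP one of them saw. The sample message is constructed from the Received lines on this page plus a hypothetical forged hop; `TRUSTED_HOSTS` and the function name are assumptions.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: Received lines taken from this page (the redacted "for <...>"
# clause is omitted) plus one hypothetical forged hop at the bottom; 192.0.2.10 is
# a documentation address.
RAW = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
 by rhspam.umary.edu (Postfix) with ESMTP id 5041D7353D;
 Thu, 20 May 2004 08:13:06 -0500 (CDT)
Received: from info.com (host-77-27-220-24.midco.net [24.220.27.77])
 by rhspam.umary.edu (Postfix) with SMTP id 7A71973523;
 Thu, 20 May 2004 08:12:59 -0500 (CDT)
Received: from mx.hotmail.example (mx.hotmail.example [192.0.2.10])
 by info.com with SMTP; Thu, 20 May 2004 12:39:59 +0000
Subject: FwD: Mailing Error (3291)

body
"""

TRUSTED_HOSTS = {"rhspam.umary.edu", "mail.umary.edu"}  # assumption: hosts you run

# "from HELO (rdns [ip]) by host" (Postfix) or "from HELO ([ip]) by host" (SMTPSVC)
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[]+)\s+)?"
                 r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

def first_external_hop(raw, trusted=TRUSTED_HOSTS):
    """Return the hop where a trusted host accepted mail from outside, or None."""
    for value in message_from_string(raw).get_all("Received", []):  # newest first
        m = HOP.search(" ".join(value.split()))  # unfold the header
        if not m or m["by"] not in trusted:
            return None  # written by a host we do not control: stop trusting
        try:
            internal = ip_address(m["ip"]).is_private  # loopback and RFC 1918
        except ValueError:
            return None
        if not internal:
            # ip (and rdns) were observed by our server; helo is the sender's claim
            return {"ip": m["ip"], "rdns": m["rdns"], "helo_claimed": m["helo"],
                    "recorded_by": m["by"]}
    return None

if __name__ == "__main__":
    print(first_external_hop(RAW))
```

The forged hop beneath the midco.net line is never consulted, because everything below the first externally received hop was supplied by the sender.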