Jim Smith wrote: > I'm getting lots of spam that are skipping rules. One that came in > recently with lots of porn only got tagged for SORBS, NUMERIC HELO, > and UNPARSEABLE RELAY (I don't know what unparseable relay means but > seems like many emails have that lately). The full headers & message > (uncensored) of that example is at www.blarneystone.com/spam/spam.txt > if that helps.
I think that this is the unparseable relay: Received: from mail.xxxxx.edu by xxx.xx.xxx.xxx (8.12.11/8.12.11) with ESMTP id 2XaVd6sLk8ikAV for <[EMAIL PROTECTED]>; Wed, 8 Feb 2006 08:44:46 -0800 Notice there's no indication of what IP address the mail was received from. (by != from.) I would bet heavily that this header was spoofed. The only headers you can trust are the ones added by servers you know... in this case, it looks like the top two Received: headers are by trustworthy servers. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer