Evan Platt wrote:
> Well, as if there's a NON annoying spammer..
>
> I'm getting HAMMERED with the re: Hello spams.
>
> http://www.espphotography.com/stopthisspammer.txt
>
> Best way I can see to drop this guy is to block on "The Bat! (v3.62.14)
> Home" in the header.
>
> Near as I can see searching my 4+ years of archived messages and mailing
> list, I have yet to see this string appear in ANY legitimate mail.
>
> Any compelling reason not to, or does anyone see a better way to put
> this spam in the bitbucket?
>
> And yes, I have been feeding these to sa-learn.
>
> Evan
>
>
>
While you are at it, also block mail with a 'u' in the From header. Come
on... many people use The Bat. Why punish the innocent?

1) The message is broken MIME. It claims to be multipart/mixed, but
contains no parts (the MIME boundary advertised in the Content-Type
header isn't found in the body). So it's ratware. Such messages can be
just rejected. Not even worth a quarantine.

2) The message has a geocities URL. Until Yahoo resolves the issue, it
now seems safe to just reject such messages. If people need to post
info, let 'em use safer URLs.

3) The body contains a mailto with the recipient address. This is rare
enough to deserve a few points.

4) According to the Received headers, the message was sent from
68-168-21-68.chvlva.adelphia.net [68.168.21.68]
This is clearly a dynamic IP (it is also listed in njabl). You could
probably block this using "greetpause", as many ratware don't wait for
their turn during the SMTP transaction.

BTW, did you correctly set your trusted_networks?
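
The broken-MIME test from point 1, written out as a check (an added example, not code from this thread or from SpamAssassin). The function name, defect labels and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: declares multipart/mixed, but the boundary never appears in the body.
BROKEN = (
    "From: sender@example.com\r\n"
    "To: rcpt@example.org\r\n"
    "Subject: Re: Hello\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="----------A1B2C3"\r\n'
    "\r\n"
    "Hello, write to mailto:rcpt@example.org\r\n"
)
# Constructed sample: a well-formed single-part multipart message.
GOOD = (
    "From: sender@example.com\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="XYZ"\r\n'
    "\r\n"
    "--XYZ\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "hi\r\n"
    "--XYZ--\r\n"
)

def mime_boundary_problem(raw):
    """Return None if the MIME framing is consistent, else a short defect name."""
    msg = message_from_string(raw)
    if msg.get_content_maintype() != "multipart":
        return None                      # single-part mail has no boundary to check
    boundary = msg.get_boundary()        # unquoted boundary parameter, or None
    if not boundary:
        return "no-boundary-param"
    # Body is everything after the first blank line (CRLF or bare LF).
    parts = re.split(r"\r?\n\r?\n", raw, maxsplit=1)
    body = parts[1] if len(parts) == 2 else ""
    # A delimiter is a whole line: "--boundary", or "--boundary--" for the closer.
    delim = re.compile(r"^--" + re.escape(boundary) + r"(--)?[ \t]*\r?$", re.MULTILINE)
    found = [m.group(1) for m in delim.finditer(body)]
    if not found:
        return "boundary-not-in-body"    # the case described in point 1
    if "--" not in found:
        return "no-closing-delimiter"    # weaker signal: can also be a truncated message
    return None

if __name__ == "__main__":
    print(mime_boundary_problem(BROKEN), mime_boundary_problem(GOOD))
```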