Hi Jeremy,

the smtp auth patch you use should be putting a header in the email saying who
sent it.. check for that header, and shut the guy off.

This is the first thing that I did try. My server was set 2 years ago and vpopmail version is 5.3.20. I use the toaster guide from Bill Shup and his large patch. I never get a problem like that. The version of smtp-auth patch does not put the information into the headers. The message bellow is what the spammer sends out. The IP listed always change. I test my server right now and it isn't an open relay. So when I identify the vpopmail user that was used to do that I can take the properly action, but how?

Received: (qmail 5098 invoked by uid 1010); 22 Oct 2004 11:46:22 -0200
Received: from [EMAIL PROTECTED] by alonso.bayweb.biz by uid 0 with qmail-scanner-1.22
(clamdscan: 0.74. spamassassin: 2.63. Clear:RC:0(
Processed in 5.793772 secs); 22 Oct 2004 13:46:22 -0000
Received: from unknown (HELO meals) ([EMAIL PROTECTED])
by alonso.bayweb.biz with SMTP; 22 Oct 2004 11:46:16 -0200
From: "Michael Sapanna"<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Qmail-Scanner-Message-ID: <[EMAIL PROTECTED]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on alonso.bayweb.biz
* 1.9 DATE_MISSING Missing Date: header
* 5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.1 RCVD_IN_RFCI RBL: Sent via a relay in ipwhois.rfc-ignorant.org
* [ has inaccurate or missing WHOIS]
[data at the RIR]
* 0.0 UPPERCASE_25_50 message body is 25-50% uppercase
X-Spam-Status: Yes, hits=7.4 required=4.0 tests=BAYES_99,DATE_MISSING,
RCVD_IN_RFCI,UPPERCASE_25_50 autolearn=no version=2.63
X-Spam-Level: *******


V|SIT  0UR  S1TE  AND  0RDER  HERE http://sear.cndbvsa.com/as#boathouse

Thanks in advance, -- Walter.

Reply via email to