Hello guys,
This is not really XMail specific but I am a bit confused there and I need
help from experts.
Here is the problem, I am using a filter that works with SPF, everything is
working fine except one thing.
Sometimes forged froms pass through the filter because the filter is getting
the return-path instead of a faked from, see this example:
Return-Path: <munitio...@soulofthejedi.net>
Delivered-To: r...@fullmetalpacket.com
Received: from dsldevice.lan ([92.18.93.37]:49281)
by mail with [XMail 1.26 ESMTP Server]
id <SA34818> for <r...@fullmetalpacket.com> from
<munitio...@soulofthejedi.net>;
Wed, 14 Oct 2009 11:50:35 -0400
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
spamshield.fullmetalpacket.com
X-Spam-Status: No, score=-87.3 required=9.0 tests=BAYES_50,HTML_MESSAGE,
MIME_QP_LONG_LINE,NO_RELAYS,SPAMMY_XMAILER,TVD_RCVD_IP,TVD_RCVD_IP4,
URIBL_BLACK,USER_IN_WHITELIST,XMAILER_MIMEOLE_OL_91287
autolearn=no
version=3.2.4
Received: from 92.18.93.37 by soulofthejedi.net; Wed, 14 Oct 2009 16:40:46
+0000
Message-ID: <000d01ca4ce4$b2b7b9c0$6400a...@munitionb9>
From: "notificati...@fullmetalpacket.com"
<notificati...@fullmetalpacket.com>
To: <r...@fullmetalpacket.com>
Subject: The settings for the r...@fullmetalpacket.com mailbox were changed
Date: Wed, 14 Oct 2009 16:40:46 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01CA4CE4.B2B7B9C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.2300
This guy is sending email like this with links to spread his malware.
My filter is analyzing Return-Path: munitio...@soulofthejedi.net instead of
From: "notificati...@fullmetalpacket.com" notificati...@fullmetalpacket.com
Is there any way to analyze the faked from?
Thanks
-fred
_______________________________________________
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail
