[Postfixbuch-users] Nazi-Spam Zweite Runde

Ralf Kayser ralf at suppenuser.de
So Mai 22 12:30:03 CEST 2005


Hi All,

Grad eben bekomme ich von einem meiner Kunden einen dieser Nazispam's
geforwarded. Das Teil ist in Englisch (subject "Dresden Bombing Is To Be
Regretted Enormously") und hat als Inhalt 

------------------cut---------------------
> Full Article:
> http://service.spiegel.de/cache/international/0,1518,341239,00.html
------------------------------------------


Was mir (neben den fehlenden Englischen Texten als Filter) ein bischen
sorgen macht, ist das das Teil diesesmal über einen regulären smtp
eingeliefert wurde und somit durch unser Greylisting nicht mehr weggewürfelt
wird....:

------------------cut---------------------

May 21 19:30:59 smtpd[8661]: connect from
mailhub01.readyhosting.com[63.99.224.71]
May 21 19:31:00 smtpd[8661]: 1B0FD31428A:
client=mailhub01.readyhosting.com[63.99.224.71]
May 21 19:31:00 postfix/cleanup[8786]: 1B0FD31428A:
message-id=<aea2.32aea92ef46 at hotmail.com>
May 21 19:31:00 postfix/qmgr[25404]: 1B0FD31428A:
from=<jamsterdam1 at hotmail.com>, size=1118, nrcpt=1 (queue active)
May 21 19:31:00 avgated[8788]: connection from localhost.localdomain
May 21 19:31:00 avgated[8788]: spooled to 08788-3C3801BF
May 21 19:31:00 postfix/smtp[8787]: 1B0FD31428A: to=<web433p1 at xxxxxxxxxx>,
orig_to=<tommy at xxxxxxxxxx>, relay=
May 21 19:31:00 avgatefwd[8789]: Message 'incoming/xf-08788-3C3801BF'
scheduled for scanning now.
May 21 19:31:00 avgatefwd[8789]: Virus Scanner will process message
'incoming/qf-08788-3C3801BF'.
May 21 19:31:00 postfix/qmgr[25404]: 1B0FD31428A: removed
May 21 19:31:00 avgated[8788]: connection to localhost.localdomain closed
May 21 19:31:00 smtpd[8661]: disconnect from
mailhub01.readyhosting.com[63.99.224.71]
May 21 19:31:00 avgatefwd[8792]: Message 'outgoing/xf-08788-3C3801BF'
scheduled for delivery now.
May 21 19:31:00 postfix/smtpd[8793]: connect from
localhost.localdomain[127.0.0.1]
May 21 19:31:00 postfix/smtpd[8793]: 6EBDA31428A:
client=localhost.localdomain[127.0.0.1]
May 21 19:31:00 postfix/cleanup[8786]: 6EBDA31428A:
message-id=<aea2.32aea92ef46 at hotmail.com>
May 21 19:31:00 postfix/qmgr[25404]: 6EBDA31428A:
from=<jamsterdam1 at hotmail.com>, size=1606, nrcpt=1 (queue active)
May 21 19:31:00 avgatefwd[8792]: Message 'outgoing/df-08788-3C3801BF'
successfully forwarded (250 Ok: queued as 6EBDA31428A
May 21 19:31:00 postfix/smtpd[8793]: disconnect from
localhost.localdomain[127.0.0.1]
May 21 19:31:00 spamd[689]: connection from localhost.localdomain
[127.0.0.1] at port 54685
May 21 19:31:00 spamd[8798]: info: setuid to web433p1 succeeded
May 21 19:31:00 spamd[8798]: processing message
<aea2.32aea92ef46 at hotmail.com> for web433p1:731.
May 21 19:31:00 spamd[8798]: clean message (1.1/5.0) for web33p1:731 in 0.3
seconds, 1712 bytes.
------------------------------------------



Kann das jemand von Euch bestätigen und - wichtiger - hat jemand eine Ahnung
wie wir das sauber blocken können?


Gruß Ralf






Mehr Informationen über die Mailingliste Postfixbuch-users