[Postfixbuch-users] Mails without Received header ???

Uwe Driessen driessen at fblan.de
Mon Jun 18 23:51:19 CEST 2007


Sebastian Deiszner wrote:
> Hello,
> 
> I am receiving spam mails at one of the mail accounts - here is a mail header -
> I have replaced the original mail address.
> 
> From which IP did my mail server receive this mail?

Well then, have a look in your mail.log, it's in there.


> How could I block such mails?

Post an excerpt from the mail log, then we can look further.

> 
>  From fearnsideinc.com at gzts.com Mon Jun 18 22:37:17 2007
> Return-Path: <fearnsideinc.com at gzts.com>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02)
> X-Spam-Level: *************************
> X-Spam-Status: Yes, hits=25.1 required=2.0
> tests=CTYPE_001C_A,DNS_FROM_RFC_BOGUSMX,FH_MSGID_01C67,HDR_ORDER_FTSDMCXX_001C,HTML_IMAG
> E_ONLY_16,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,NO_RECEIVED,NO_RELAYS,URIBL_AB_SURBL,URIBL_
> JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_DOB,URIBL_SBL,URIBL_SC_SURBL,URIBL_SC_SWINOG,URIBL_WS_
> SURBL
> autolearn=spam version=3.2.1
> X-Spam-Report:
>       * 2.3 CTYPE_001C_A CTYPE_001C_A
>       * 0.5 FH_MSGID_01C67 Special MSGID
>       * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
>       * 0.0 HTML_MESSAGE BODY: HTML included in message
>       * 2.5 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes
> of words
>       * 1.6 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
>       * [URIs: lawdbane.com]


dig lawdbane.com

; <<>> DiG 9.4.1 <<>> lawdbane.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30672
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;lawdbane.com.                  IN      A

;; Query time: 43 msec
;; SERVER: 193.254.185.254#53(193.254.185.254)
;; WHEN: Mon Jun 18 23:21:35 2007
;; MSG SIZE  rcvd: 30

s1:~# dig lawdbane.com mx

; <<>> DiG 9.4.1 <<>> lawdbane.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9861
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;lawdbane.com.                  IN      MX

;; ANSWER SECTION:
lawdbane.com.           60      IN      MX      20 relay2.lawdbane.com.
lawdbane.com.           60      IN      MX      10 relay.lawdbane.com.

;; AUTHORITY SECTION:
lawdbane.com.           37      IN      NS      ns1.lawdbane.com.
lawdbane.com.           37      IN      NS      ns2.lawdbane.com.

;; ADDITIONAL SECTION:
relay.lawdbane.com.     60      IN      A       210.22.15.51
relay2.lawdbane.com.    60      IN      A       210.22.15.51
ns1.lawdbane.com.       37      IN      A       210.22.15.51
ns2.lawdbane.com.       37      IN      A       210.22.15.51

;; Query time: 350 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 18 23:21:59 2007
;; MSG SIZE  rcvd: 175


Kind regards

Drießen

-- 
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: 06708 / 660045   Fax: 06708 / 661397
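
Looking up a message's origin in mail.log, as suggested in the reply above, shown as an added example that is not part of the original post. It assumes the standard Postfix syslog line layout; the log lines, queue IDs, hosts and addresses are constructed, and `trace` is a hypothetical helper name.

```python
import re

# Constructed sample in Postfix syslog format; hosts, queue IDs and addresses are made up.
SAMPLE_LOG = """\
Jun 18 22:37:15 mx postfix/smtpd[4121]: connect from unknown[192.0.2.45]
Jun 18 22:37:15 mx postfix/smtpd[4121]: 3F2A11C0D2: client=unknown[192.0.2.45]
Jun 18 22:37:16 mx postfix/cleanup[4125]: 3F2A11C0D2: message-id=<01c7b1e4$a@example.net>
Jun 18 22:37:16 mx postfix/qmgr[2210]: 3F2A11C0D2: from=<spam@example.net>, size=3312, nrcpt=1 (queue active)
Jun 18 22:37:17 mx postfix/local[4130]: 3F2A11C0D2: to=<user@example.org>, relay=local, delay=1.2, status=sent (delivered to mailbox)
Jun 18 22:40:01 mx postfix/pickup[2209]: 7B9C01C0D9: uid=1001 from=<user>
Jun 18 22:40:01 mx postfix/cleanup[4125]: 7B9C01C0D9: message-id=<20070618204001.7B9C01C0D9@mx.example.org>
Jun 18 22:40:01 mx postfix/qmgr[2210]: 7B9C01C0D9: from=<user@example.org>, size=512, nrcpt=1 (queue active)
Jun 18 22:40:02 mx postfix/local[4131]: 7B9C01C0D9: to=<user@example.org>, relay=local, delay=0.4, status=sent (delivered to mailbox)
"""

# "<daemon>[pid]: <QUEUEID>: <rest>" as written by the Postfix daemons
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")
CLIENT = re.compile(r"client=(\S+?)\[([^\]]+)\]")  # smtpd: remote host and IP
UID = re.compile(r"uid=(\d+)")                     # pickup: local submitter


def trace(log_text, needle):
    """Return [(queue_id, origin)] for every queue ID with a log line containing needle."""
    origin, hits = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect lines, NOQUEUE rejects, other programs
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and CLIENT.match(rest):
            host, ip = CLIENT.match(rest).groups()
            origin[qid] = {"via": "smtp", "host": host, "ip": ip}
        elif daemon == "pickup" and UID.match(rest):
            origin[qid] = {"via": "pickup", "uid": UID.match(rest).group(1)}
        if needle in rest and qid not in hits:
            hits.append(qid)
    # origin is None when the log holds no smtpd/pickup line for that queue ID
    return [(qid, origin.get(qid)) for qid in hits]


if __name__ == "__main__":
    for qid, src in trace(SAMPLE_LOG, "to=<user@example.org>"):
        print(qid, src)
```

Searching by the Return-Path address, the Message-ID or the recipient all work, because every log line of one message carries the same queue ID.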




