[Postfixbuch-users] ***SPAM*** Mails ohne received-Header ???

Andreas Winkelmann ml at awinkelmann.de
Di Jun 19 06:36:34 CEST 2007


On Monday 18 June 2007 22:58, Sebastian Deiszner wrote:

> ich bekomme Spammails an eines der Mailkonten - hier ein Mailheader -
> die Originalmailadresse habe ich ersetzt.
>
> Von welcher IP hat mein Mailserver diese Mail empfangen?
> Wie könnte ich solche Mails blockieren?

Wenn dich die Received:-Zeilen interessieren, solltest Du sie nicht löschen.

>  From fearnsideinc.com at gzts.com Mon Jun 18 22:37:17 2007
> Return-Path: <fearnsideinc.com at gzts.com>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02)
> X-Spam-Level: *************************
> X-Spam-Status: Yes, hits=25.1 required=2.0
> tests=CTYPE_001C_A,DNS_FROM_RFC_BOGUSMX,FH_MSGID_01C67,HDR_ORDER_FTSDMCXX_0
>01C,HTML_IMAGE_ONLY_16,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,NO_RECEIVED,NO_REL
>AYS,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_DOB,URIBL_SBL,URI
>BL_SC_SURBL,URIBL_SC_SWINOG,URIBL_WS_SURBL autolearn=spam version=3.2.1
> X-Spam-Report:
>       * 2.3 CTYPE_001C_A CTYPE_001C_A
>       * 0.5 FH_MSGID_01C67 Special MSGID
>       * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
>       * 0.0 HTML_MESSAGE BODY: HTML included in message
>       * 2.5 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes
> of words
>       * 1.6 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
>       * [URIs: lawdbane.com]
>       * 2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
>       * [URIs: lawdbane.com]
>       * 2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
>       * [URIs: lawdbane.com]
>       * 2.1 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
>       * [URIs: lawdbane.com]
>       * 2.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
>       * [URIs: lawdbane.com]
>       * 2.1 DNS_FROM_RFC_BOGUSMX RBL: Envelope sender in
>       * bogusmx.rfc-ignorant.org
>       * 0.9 URIBL_SC_SWINOG URI's listed in uribl.swinog.ch.
>       * [URIs: lawdbane.com]
>       * 0.9 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
>       * [URIs: lawdbane.com]
>       * 2.5 URIBL_SBL Contains an URL listed in the SBL blocklist
>       * [URIs: lawdbane.com]
>       * 1.9 HDR_ORDER_FTSDMCXX_001C Header order similar to spam
> (FTSDMCXX/MID
>       * variant)
>       * -0.0 NO_RECEIVED Informational: message has no Received headers
>       * 0.2 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
> X-Original-To: meinmailkonto at meinmailserver.tld
> Delivered-To: meinmailkonto at localhost
> Message-ID: <000001c7b1e8$1b2fe080$0100007f at localhost>
> From: "Walter Scott" <fearnsideinc.com at gzts.com>
> To: <meinmailkonto at meinmailserver.tld>
> Subject: Beware of fake pills
> Date: Mon, 18 Jun 2007 22:36:48 +0200
> MIME-Version: 1.0
> Content-Type: multipart/related;
>       boundary="----=_NextPart_000_0001_01C7B1E8.1B2FE080"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.2180
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

-- 
	Andreas



Mehr Informationen über die Mailingliste Postfixbuch-users