Here is an example of spam from "Rapid Fire". (mailhub2 is one of our
main hubs, mail.liv.ac.uk will soon be expired)
---------- Forwarded message ----------
Return-Path: <postmaster@???>
Delivery-Date: Fri, 13 Feb 1998 17:30:23 +0000
Received: from mailhub2.liv.ac.uk by mail.liv.ac.uk with Local-SMTP (PP);
Fri, 13 Feb 1998 17:30:21 +0000
Received: from hdn104-063.hil.compuserve.com [206.175.106.63]
by mailhub2.liv.ac.uk with smtp (Exim 1.73 #2) id 0y3OwO-0007dZ-00;
Fri, 13 Feb 1998 17:30:21 +0000
From:
To:
Subject: A Unique Email
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: <E0y3OwO-0007dZ-00@???>
Date: Fri, 13 Feb 1998 17:30:21 +0000
--
Alan Thew alan.thew@???
Computing Services, University of Liverpool Fax: +44 151 794-4442
On Wed, 18 Feb 1998, Greg A. Woods wrote:
> [ On Mon, February 16, 1998 at 23:01:32 (+0000), Alan Thew wrote: ]
> > Subject: [EXIM] Problems with spam direct from PoPs
> >
> > As others may have seen, the "new generation" of spam software does direct
> > injection to our/your MTA, no smarthost/3rd party relay etc.
> >
> > In some cases, the best thing is to just block IP address ranges etc.
> > However all attacks seen here so far have blank To: and From: fields. I'm
> > still running 1.73 and wondered what the easiest way to trap this is.
>
> What's the envelope look like? 99.99% of the similar spam I've seen of
> this nature has "invalid" SMTP envelope fields (invalid and non-matching
> HELO, invalid MAIL FROM domain, and of course often even invalid RCPT TO
> users).
>
> --
> Greg A. Woods
>
> +1 416 443-1734 VE3TCP <gwoods@???> <robohack!woods>
> Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>
>
> --
> *** Exim information can be found at http://www.exim.org/ ***
>
>
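The following added example is not part of the original thread and is not Exim configuration. It flags messages whose From: and To: headers are blank or missing, as in the forwarded sample, and pulls the connecting IP from the Received line written by the receiving hub. The sample messages are constructed from the headers quoted above; the function names and the example.org and 192.0.2.10 values are assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the forwarded headers in this thread.
SPAM = (
    "Received: from mailhub2.liv.ac.uk by mail.liv.ac.uk with Local-SMTP (PP);\n"
    "\tFri, 13 Feb 1998 17:30:21 +0000\n"
    "Received: from hdn104-063.hil.compuserve.com [206.175.106.63]\n"
    "\tby mailhub2.liv.ac.uk with smtp (Exim 1.73 #2) id 0y3OwO-0007dZ-00;\n"
    "\tFri, 13 Feb 1998 17:30:21 +0000\n"
    "From:\n"
    "To:\n"
    "Subject: A Unique Email\n"
    "\n"
    "body text\n"
)
# Constructed legitimate message for contrast (placeholder host and address).
HAM = (
    "Received: from relay.example.org [192.0.2.10]\n"
    "\tby mailhub2.liv.ac.uk with smtp; Fri, 13 Feb 1998 17:31:00 +0000\n"
    "From: Sender <sender@example.org>\n"
    "To: user@example.org\n"
    "Subject: hello\n"
    "\n"
    "body text\n"
)

def blank_headers(msg, names=("From", "To")):
    """Return the listed headers that are absent or present with no value."""
    return [n for n in names
            if not any(v.strip() for v in (msg.get_all(n) or []))]

def injecting_ip(msg, edge_hub):
    """IP literal from the Received line our own edge hub wrote (the trusted hop)."""
    for rcvd in msg.get_all("Received") or []:
        flat = " ".join(rcvd.split())  # unfold continuation lines
        if re.search(r"\bby " + re.escape(edge_hub) + r"\b", flat):
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
            if m:
                return m.group(1)
    return None

def triage(raw, edge_hub="mailhub2.liv.ac.uk"):
    msg = message_from_string(raw)
    blank = blank_headers(msg)
    return {"suspect": bool(blank), "blank": blank,
            "source_ip": injecting_ip(msg, edge_hub)}
```

Only the Received line added by the receiving hub is consulted, because earlier Received lines are supplied by the sender and can be forged.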