Re: [Exim] Header Data

Top Page
Delete this message
Reply to this message
Author: Joseph Kezar
Date:  
To: exim-users
Subject: Re: [Exim] Header Data
I'll tell you what I did now.
Let me know if this is the correct way of finding the envelope-sender.:
cat /var/log/exim_mainlog | grep 16M8YJ-0006ut-00(messageid from a SPAM
email)
proves:
2002-01-03 09:09:05 16M8YJ-0006ut-00 <= opt-in@???
H=(mx2.state.vt.us) [170.222.64.130] P=esmtp S=6091
id=20020103135240.24285.qmail@???

I am strongly guessing 'opt-in@???' is the
envelope-sender.
And this is the sender that needs to be added to my /usr/exim/rejectlist
Am I correct?

Joseph Kezar wrote:
>
> I now know that it doesn't block on the From: header field but on the
> "envelope sender".
> I have spam coming in with these headers, how do I determine the
> "envelope sender" and how can I stop this message from getting into my
> email server
> ________________________________________________________________________
> Return-path: <32-1785-475039@???>
> Envelope-to: message filter
> Delivery-date: Thu, 03 Jan 2002 08:49:07 -0500
> Received: from [159.105.23.130] (helo=mx1.state.vt.us) by
> mail1.doc.state.vt.us with esmtp (Exim 3.33 #13) id 16M8F1-0006KY-00 for
> linm@???; Thu, 03 Jan 2002 08:49:07 -0500
> Received: from transport5e.azoogle.com ([66.197.140.44]) by
> mx1.state.vt.us (Post.Office MTA v3.5.4 release 224 ID# 0-0U10L2S100V35)
> with SMTP id us for <linm@???>; Thu, 3 Jan 2002 08:49:29
> -0500
> Received: from azoogle by transport5e.azoogle.com with local (Azoogle
> 2.1) id 32-1785-475039 for linm@???; Thu, 03 Jan 2002
> 08:49:25 -0500
> Content-Type: text/plain; charset="us-ascii"
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
> MIME-Version: 1.0
> From: "WIN $1000cash/prizes" <fsnews@???>
> To: linm@???
> Date: Thu, 03 Jan 2002 08:49:25 -0500
> Subject: Get $20 in FREE-Gifts! It's still CHRISTMAS -
> Message-ID: <32-1785-475039@???>
> X-Info: please report abuse of this service to abuse@???
> Content-Length: 1291
> X-Envelope-To: linm@???
> _______________________________________________________________________
>
> Matthew Byng-Maddick wrote:
> >
> > On Thu, Jan 03, 2002 at 08:35:40AM -0500, Joseph Kezar wrote:
> > > My question, does this reject clause block the From:,Return-path: or
> > > the Reply-To:
> >
> > My question, did you read the archives?
> >
> > > I am going through emails that I want to add to my reject list and I am
> > > taking out the From: header and adding that info to my reject file.
> > > It seems some are sneaking in still. Is it because it doesn't reject on
> > > the From: header?
> >
> > A quick search later, and I find the thread:
> > http://www.exim.org/mailman/htdig/exim-users/Week-of-Mon-20011217/033300.html
> >
> > Which may be instructive. Note the date, it wasn't very long ago.
> >
> > MBM
> >
> > --
> > Matthew Byng-Maddick         <mbm@???>           http://colondot.net/

> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
> --
> Joseph Kezar
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##


--
Joseph Kezar