Blocking spam by sender address is of little value, becuase usually,
they make up a new, random sender address, in a new, random forged
domain everytime they send a new spam. So usually, you'll not often see
the same address twice anyway.
On Thu, 3 Jan 2002, Joseph Kezar wrote:
> I'll tell you what I did now.
> Let me know if this is the correct way of finding the envelope-sender.:
> cat /var/log/exim_mainlog | grep 16M8YJ-0006ut-00(messageid from a SPAM
> email)
> proves:
> 2002-01-03 09:09:05 16M8YJ-0006ut-00 <= opt-in@???
> H=(mx2.state.vt.us) [170.222.64.130] P=esmtp S=6091
> id=20020103135240.24285.qmail@???
>
> I am strongly guessing 'opt-in@???' is the
> envelope-sender.
> And this is the sender that needs to be added to my /usr/exim/rejectlist
> Am I correct?
>
> Joseph Kezar wrote:
> >
> > I now know that it doesn't block on the From: header field but on the
> > "envelope sender".
> > I have spam coming in with these headers, how do I determine the
> > "envelope sender" and how can I stop this message from getting into my
> > email server
> > ________________________________________________________________________
> > Return-path: <32-1785-475039@???>
> > Envelope-to: message filter
> > Delivery-date: Thu, 03 Jan 2002 08:49:07 -0500
> > Received: from [159.105.23.130] (helo=mx1.state.vt.us) by
> > mail1.doc.state.vt.us with esmtp (Exim 3.33 #13) id 16M8F1-0006KY-00 for
> > linm@???; Thu, 03 Jan 2002 08:49:07 -0500
> > Received: from transport5e.azoogle.com ([66.197.140.44]) by
> > mx1.state.vt.us (Post.Office MTA v3.5.4 release 224 ID# 0-0U10L2S100V35)
> > with SMTP id us for <linm@???>; Thu, 3 Jan 2002 08:49:29
> > -0500
> > Received: from azoogle by transport5e.azoogle.com with local (Azoogle
> > 2.1) id 32-1785-475039 for linm@???; Thu, 03 Jan 2002
> > 08:49:25 -0500
> > Content-Type: text/plain; charset="us-ascii"
> > Content-Disposition: inline
> > Content-Transfer-Encoding: 7bit
> > MIME-Version: 1.0
> > From: "WIN $1000cash/prizes" <fsnews@???>
> > To: linm@???
> > Date: Thu, 03 Jan 2002 08:49:25 -0500
> > Subject: Get $20 in FREE-Gifts! It's still CHRISTMAS -
> > Message-ID: <32-1785-475039@???>
> > X-Info: please report abuse of this service to abuse@???
> > Content-Length: 1291
> > X-Envelope-To: linm@???
> > _______________________________________________________________________
> >
> > Matthew Byng-Maddick wrote:
> > >
> > > On Thu, Jan 03, 2002 at 08:35:40AM -0500, Joseph Kezar wrote:
> > > > My question, does this reject clause block the From:,Return-path: or
> > > > the Reply-To:
> > >
> > > My question, did you read the archives?
> > >
> > > > I am going through emails that I want to add to my reject list and I am
> > > > taking out the From: header and adding that info to my reject file.
> > > > It seems some are sneaking in still. Is it because it doesn't reject on
> > > > the From: header?
> > >
> > > A quick search later, and I find the thread:
> > > http://www.exim.org/mailman/htdig/exim-users/Week-of-Mon-20011217/033300.html
> > >
> > > Which may be instructive. Note the date, it wasn't very long ago.
> > >
> > > MBM
> > >
> > > --
> > > Matthew Byng-Maddick <mbm@???> http://colondot.net/
> > >
> > > --
> > >
> > > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
> >
> > --
> > Joseph Kezar
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
> --
> Joseph Kezar
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
--
