Re: [Exim] SPAM problems : reject by X-Mailer?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jethro R Binks
Date:  
À: exim-users
Sujet: Re: [Exim] SPAM problems : reject by X-Mailer?
On Mon, 12 Jan 2004, Dr Andrew C Aitchison wrote:

> On Mon, 12 Jan 2004, Rory Campbell-Lange wrote:
>

[...]
> > Many of these spam senders have the following X-Mailer listed:
> >     X-Mailer: mPOP Web-Mail 2.19

> >
> > Is this possible to generate an SMTP-time rejection of a message based
> > on its X-Mailer? Is this sensible?
>
> Looking through my archived mail folders, I have 16 messages from
>     bugtraq@???
> with that signature. On a brief inspection these aren't spam.
> The other 95 messages I have with that signature have been marked
> as spam, either by spam-assassin or by me.


I'd agree with this assessment, and that of others, from my own
observations of this one over recent weeks (I have my mail client display
X-Mailer: headers by default). It seems that currently, this X-Mailer
header is fairly indicative of spam, but not exclusively so. Probably
adding some points in SpamAssassin is the way to go - it might help a bit.

Another way I check 'suspicious' X-Mailer: headers is to simply do a
google search on "X-Mailer: whatever". You'll often soon find if it is
likely to appear in a legit message, or of course if it has been discussed
before in spam-discussion environments.

I have other lists of X-Mailer headers that are definitely either bogus or
greatly suspicious/known spamware. I currently have Exim reject on seeing
these in the DATA acl; however there have been false positives from time
to time so I've commented one or two out of the list again when these have
been mentioned. I occasionally come across other lists - the one I use
(which probably came from a comment on this list originally) is probably
fairly conservative.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK