Re: [Exim] SPAM problems : reject by X-Mailer?

Top Page
Delete this message
Reply to this message
Author: Kevin Reed
Date:  
To: exim-users
Subject: Re: [Exim] SPAM problems : reject by X-Mailer?
For what it is worth...

warn log_message = MPOPWEBMAIL $sender_host_address
     message = MPOP Webmail Spam Header Detected.\n \
       If you have questions please contact postmaster@$qualify_domain
  condition = ${if match {$header_x-mailer:}{mPOP Web-Mail 2.19}{yes}{no}}
  condition = ${if match {$header_x-originating-ip:}{IP\]}{yes}{no}}


I've been tracking this for several days now and after 4 days, have seen
no false positives with this but a ton of catches...

Each of the spams that had the mPOP Web-Mail 2.19 in the X-Mailer header,
also has an X-Originating-IP: [{something}IP] in them too. Note the IP at
the end is the letters IP.

You could turn this into a deny or make a special header to trap on or
make an SA rule out of it instead.

I've had a ton of this pointed at the postmaster account ... but it no
longer gets there ...

I'm using a deny on my own servers and a SA rule catch on my large work
servers.

Happy hunting...

--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums