For what it is worth...
warn log_message = MPOPWEBMAIL $sender_host_address
message = MPOP Webmail Spam Header Detected.\n \
If you have questions please contact postmaster@$qualify_domain
condition = ${if match {$header_x-mailer:}{mPOP Web-Mail 2.19}{yes}{no}}
condition = ${if match {$header_x-originating-ip:}{IP\]}{yes}{no}}
I've been tracking this for several days now and after 4 days, have seen
no false positives with this but a ton of catches...
Each of the spams that had the mPOP Web-Mail 2.19 in the X-Mailer header,
also has an X-Originating-IP: [{something}IP] in them too. Note the IP at
the end is the letters IP.
You could turn this into a deny or make a special header to trap on or
make an SA rule out of it instead.
I've had a ton of this pointed at the postmaster account ... but it no
longer gets there ...
I'm using a deny on my own servers and a SA rule catch on my large work
servers.
Happy hunting...
--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums -
http://exim.got-there.com/forums
