[Exim] Spam Mails

Góra strony
Delete this message
Reply to this message
Autor: Jeyanolipavan, Raviraj
Data:  
Dla: exim-users
Temat: [Exim] Spam Mails
This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Hi All



We are receiving lots of spam mails recently, not address to the user in
the to field.

For example I have received an email send to lynda@???

But when I trace this one on the exim logs, I found that, it been send
to postmaster@???

I.e. the "To" field is different in the Envelop and the header.



How can we stop this happening? We are currently using sender verify and
recipient verify in ACL

Any other rules can we use?



Any ideas would be appreciated.



Thank you

Ravi





Example Message header



Microsoft Mail Internet Headers Version 2.0

Received: from kumailx1.king.ac.uk ([141.241.2.14]) by
KUDBEX01.kuds.kingston.ac.uk with Microsoft SMTPSVC(6.0.3790.0);

             Tue, 27 Jul 2004 23:53:42 +0100


Received: from mail57.messagelabs.com ([195.245.230.115])

            by kumailx1.king.ac.uk with smtp (Exim 4.34)


            id 1Bpanx-0004JY-Mz; Tue, 27 Jul 2004 23:52:31 +0100


X-VirusChecked: Checked

X-Env-Sender: ra1ywrite@???

X-Msg-Ref: server-6.tower-57.messagelabs.com!1090968647!11688791

X-StarScan-Version: 5.2.10; banners=-,-,kingston.ac.uk

X-Originating-IP: [163.21.225.251]

Received: (qmail 22560 invoked from network); 27 Jul 2004 22:50:47 -0000

Received: from unknown (HELO kimo.com.tw) (163.21.225.251)

by server-6.tower-57.messagelabs.com with SMTP; 27 Jul 2004 22:50:47
-0000

To: <lynda@???>

From: "Phillip" <yodaconcept@???>

Date: Tue, 27 Jul 2004 22:50:51 GMT

Message-Id: <1090968651-703@???>

Sender: karen1carroll@???

Subject: Save big on your software costs!

Content-Type: text/plain;

X-uvscan-result: clean (1Bpanx-0004JY-Mz)

Return-Path: ra1ywrite@???

X-OriginalArrivalTime: 27 Jul 2004 22:53:42.0659 (UTC)
FILETIME=[9099AD30:01C4742C]





Exim log



2004-07-27 23:52:31 1Bpanx-0004JY-Mz <= ra1ywrite@???
H=mail57.messagelabs.com [195.245.230.115] P=smtp S=2066
id=1090968651-703@???

2004-07-27 23:52:31 1Bpanx-0004JY-Mz => nobody <nobody@???>
R=localuser T=local_delivery

2004-07-27 23:52:32 1Bpanx-0004JY-Mz => k0218840@???
<network@???> R=incoming T=internet_in H=141.241.2.11
[141.241.2.11]

2004-07-27 23:52:33 1Bpanx-0004JY-Mz => nrogers@???
<nigel@???> R=send_to_gateway T=remote_smtp
H=cluster1.eu.messagelabs.com [193.109.255.67]

2004-07-27 23:52:33 1Bpanx-0004JY-Mz => ku12287@???
<operator@???> R=incoming T=internet_in H=141.241.17.17
[141.241.17.17]

2004-07-27 23:52:33 1Bpanx-0004JY-Mz -> ku16133@???
<news@???> R=incoming T=internet_in H=141.241.17.17
[141.241.17.17]

2004-07-27 23:52:33 1Bpanx-0004JY-Mz Completed







Kingston University

Penrhyn Road

Kingston upon Thames

Surrey

KT1 2EE

Tel: +44 (0) 208 547 8278




This email has been scanned for all viruses by the MessageLabs Email
Security System.
--