Re: [exim] spammers have beat me to the game!

Top Page
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: Odhiambo Washington, exim-users
Subject: Re: [exim] spammers have beat me to the game!
There is nothing in those headers that suggests they have been
authenticated on your servers. They _may_ have been authenticated at
204.9.186.196 (Florida), but nothing 100% sure.
Anyway, you should request that everything coming from
something@yourdomain is either authenticated, either coming from a
trusted or known IP. Many will suggest this is like SPF, and it is a
little bit true, but I think this is an acceptable drawback for your own
domains.

Odhiambo Washington wrote:
> Look at the following headers:
>
> <cut>
>>From wash@??? Tue Jul 04 19:57:06 2006
> Return-path: wash@???
> Envelope-to: wash@???
> Delivery-date: Tue, 04 Jul 2006 19:57:06 +0300
> Received: from acaen-251-1-97-4.w86-205.abo.wanadoo.fr ([86.205.243.4])
>         by ns2.wananchi.com with esmtp (Exim 4.62 #0 (FreeBSD 4.11-STABLE))
>         id 1FxoCv-0003Gc-1j
>         for <wash@???>; Tue, 04 Jul 2006 19:57:06 +0300
> Received: from [VAR999.2] ([VAR999.2] [[VAR999.3]])
>         by ACaen-251-1-97-4.w86-205.abo.wanadoo.fr (Qmailv1) with ESMTP id PRY4H2PQX0P
>         for <wash@???>; Tue, 04 Jul 2006 18:51:06 +0100
> Received: from 204.9.186.196 ([wildwolfwebmasters.com]:12561 "EHLO [wildwolfwebmasters.com]"
>         smtp-auth: "hxvkeo" TLS-CIPHER: <none> TLS-PEER-CN1: <none>)
>         by [VAR999.2] with ESMTP id QF5-ACd1g-1Yc (ORCPT
>         <rfc822;hxvkeo@[VAR999.0]>); Tue, 04 Jul 2006 14:37:01 +0200
> Date: Tue, 04 Jul 2006 14:37:01 +0200
> From: Paul Pearce <hxvkeo@[VAR999.0]>
> X-Mailer: The Bat! (v2.12.10) Pro
> X-Priority: 3
> Message-ID: <537086252.2006070467560@[VAR999.0]>
> To: wash@???
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>         boundary="----------R073UT088MKLBN66G5NR3"
> </cut>

>
>
> All mail _NOT_ originating from ns2.wananchi.com, addressed to me, is
> passed through a spam filter, DSPAM, which classifies, adds headers
> depending on the classification, or quarantines it.
>
> In this particular case, this mail, which was selling to me those
> "men's troubles concotion", passed untouched. It's from me to ME too ;)
> It pretends there is ASMTP involved as well.....
>
> Spammer has beat me to the game here, no?
>
>
>
>         cheers
>        - wash 
> +----------------------------------+-----------------------------------------+
> Odhiambo Washington                    . WANANCHI ONLINE LTD (Nairobi, KE)  |
> wash () WANANCHI ! com            . 1ere Etage, Loita Hse, Loita St.,  |
> GSM: (+254) 722 743 223            . # 10286, 00100 NAIROBI             |
> GSM: (+254) 733 744 121            . (+254) 020 313 985 - 9             |
> +---------------------------------+------------------------------------------+
> "Oh My God! They killed init! You Bastards!"  
>                          --from a /. post

>


--
Nikademus
http://www.octools.com

.O.
..O
OOO

PGP key: http://www.llorien.org/gnupg/key.pub