Re: [exim] anti-spam... what's next?

Author: Adam Stephens
Date:  
To: exim users
Subject: Re: [exim] anti-spam... what's next?
Kjetil Torgrim Homme wrote:
> On Tue, 2008-11-11 at 12:40 +0000, Adam Stephens wrote:
>
>> Kjetil Torgrim Homme wrote:
>>
>>> On Mon, 2008-11-10 at 17:52 +0000, Adam Stephens wrote:
>>>
>>>> I certainly wouldn't block on it outright like this. We see forwarded
>>>> mail with hotmail senders, and mailing list mail, and mail from ebay's
>>>> mail servers, and apparently legitimate mail sent via other ISPs, all of
>>>> which would be rejected by this rule.
>>>>
>>> the test checks the envelope sender, not the headers of the e-mail. you
>>> won't get false positives from mailing lists, forwarded e-mail or eBay
>>> with that rule.
>>>
>> My logs say otherwise.
>>
>
> without log excerpts, I'm not inclined to believe you.
>

Suit yourself.

Here's one from ebay:

2008-11-11 13:49:05 1Kztc3-0004Mi-0G <= xxxxxx@???
H=mxpool22.ebay.com (mxpool01.ebay.com) [66.135.197.28] P=esmtp S=17965
id=1569873298.1226411338214.JavaMail.SYSTEM@rc-v3conta003 from
<xxxxx@???> for xxxxxx@???

Here's a forwarded mail:

2008-11-10 16:43:08 1KzZqp-0006DD-TV <= xxxxx@???
H=forward.a.hostedemail.com [216.40.42.17] P=esmtp S=37233
id=BLU149-W651CAAB104160187329229F31A0@??? from
<xxxxxxx@???> for xxxxx@???

Here's some legitimate mail submitted via another ESP:

2008-11-08 09:22:34 1Kyk1Q-00063Y-7Y <= xxxxx@???
H=outmail129176.authsmtp.com [62.13.129.176] P=esmtp S=12044
id=db16dc8c46faada6195bd89f001a55a8@??? from
<xxxxx@???> for xxxx@???

And this one is, I'm told, a mailing list:

mainlog.02.gz:2008-11-09 02:30:21 1Kz045-0004Rr-1P <= xxxx@???
H=yearning.mcc.ac.uk [130.88.203.23] P=esmtp S=40228
id=BLU149-W42E6E5E172F6F6370D6030E71B0@??? from <xxxx@???>
for xxxxxx@??? xxxxxxx@???


regards,
Adam.

--
--------------------------------
Adam Stephens
Network Specialist - Email & DNS
adam.stephens@???