Re: [exim] Spam with no Message-ID header?

Author: Todd Lyons
Date:  
To: John W. Baxter
CC: exim-users
Subject: Re: [exim] Spam with no Message-ID header?
On Thu, Aug 13, 2009 at 4:46 PM, John W. Baxter <jwblist3@???> wrote:
> Well, consider
> 2009-08-13 16:24:27 1Mbjel-0006G4-Lv <= Fidelity.Alerts@???
> H=lrtp86.fidelity.com (fidelity.com) [192.223.136.149]:57171
> I=[172.21.2.5]:25 P=esmtp S=3789
>
> 192.223.136.149 belongs to Fidelity Investments (seemingly the real one per
> the listing provided by ARIN). I think they (and their client) want the mail
> delivered.
>
> And
> 2009-08-13 16:14:46 1MbjVO-0005Mw-Ar <= owner-saluki-l@???
> H=altair.ease.lsoft.se [212.247.25.55]:60861 I=[172.21.2.5]:25 P=esmtp
> S=4723
> RIPE says 212.247.25.55 belongs to L-Soft and mailing list providers want
> their messages delivered.
>
> And many others--those were two obvious white hats found quickly in a slew
> of output much of it obviously spammer-sent, without scrolling my window.


That was my experience too. Much of it was junk, but when I started
seeing emails from a Chinese airline ticket confirmation matching, I
knew I couldn't drop them.

Interestingly I find that emails from something.bounces.google.com are
also appearing at my mail servers without a Date header. I have yet
to troubleshoot this, so I don't have raw headers yet nor do I know if
it's all emails from that subdomain, but I will do that tomorrow and
send info to the postmaster account there and find out if that is by
design or if it's an oversight.

-- 
Regards...      Todd
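
An added example, not part of the original thread: before rejecting on a missing Message-ID, a postmaster can tally which senders and hosts would be affected. It relies on Exim writing an `id=` field on `<=` arrival lines only when the message carried a Message-ID header; the log lines, addresses and IPs below are constructed, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Exim main-log lines quoted above.
SAMPLE_LOG = """\
2009-08-13 16:14:46 1MbjVO-0005Mw-Ar <= owner-list@lists.example.org H=relay.lists.example.org [192.0.2.55]:60861 I=[198.51.100.5]:25 P=esmtp S=4723
2009-08-13 16:15:02 1MbjVe-0005N1-Bq <= alice@example.com H=mail.example.com [192.0.2.10]:41022 I=[198.51.100.5]:25 P=esmtp S=2210 id=4A84A1B2.1000@example.com
2009-08-13 16:24:27 1Mbjel-0006G4-Lv <= alerts@bank.example H=out.bank.example (bank.example) [203.0.113.149]:57171 I=[198.51.100.5]:25 P=esmtp S=3789
2009-08-13 16:24:30 1Mbjeo-0006G9-Qx => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.77]
2009-08-13 16:25:11 1MbjfT-0006Hk-2z <= alerts@bank.example H=out.bank.example (bank.example) [203.0.113.149]:57180 I=[198.51.100.5]:25 P=esmtp S=3801
2009-08-13 16:26:40 1Mbjgu-0006Jb-Ty <= <> H=(localhost) [192.0.2.200]:3311 I=[198.51.100.5]:25 P=smtp S=912
"""

# "<date> <time> <exim-id> <= <envelope-sender> <fields...>" marks an arrival.
ARRIVAL = re.compile(r"^\S+ \S+ (?P<msgid>\S+) <= (?P<sender>\S+)(?P<rest> .*)?$")
# The first bracketed address after H= is the connecting host's IP.
HOST_IP = re.compile(r" H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\]")


def arrivals_without_message_id(log_text):
    """Count arrivals lacking id=, keyed by (envelope sender, remote IP)."""
    missing = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries, rejections and other line types
        # Drop a logged subject (T="...") so its text cannot fake an id= field.
        rest = (m.group("rest") or "").split(' T="', 1)[0]
        if re.search(r" id=\S", rest):
            continue  # message carried a Message-ID header
        host = HOST_IP.search(rest)
        ip = host.group("ip") if host else "local"
        missing[(m.group("sender"), ip)] += 1
    return missing


if __name__ == "__main__":
    for (sender, ip), n in arrivals_without_message_id(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {ip:<16} {sender}")
```

Reviewing this tally against known-good senders shows what a blanket rejection would cost before any ACL change is made.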