[CLUE-Tech] bad trick
Mike Staver
staver at fimble.com
Tue Jul 1 00:09:01 MDT 2003
I have a problem - I have an extensive "ban list" on my server to help
combat spam. What I mean is, I religously update /etc/mail/access with
lines like this:
checkyourinbox.com REJECT
I after I edit that file, besides just running /etc/rc.d/init.d/sendmail
restart, I run through these steps in /etc/mail:
make clean
make all
newaliases
/etc/rc.d/init.d/sendmail restart
I have had that checkyourinbox.com line in there for weeks now - yet
everyday, I get annoying emails from them. I have included the headers
below from my latest:
Return-Path: <bounce-insidersavings-64791891 at mail15.checkyourinbox.com>
Received: from mail15.checkyourinbox.com ([146.82.96.236])
by fimble.com (8.12.8/8.12.8) with SMTP id h612DN5l014529
for <STAVER at FIMBLE.COM>; Mon, 30 Jun 2003 20:13:24 -0600
Message-Id: <200307010213.h612DN5l014529 at fimble.com>
From: "Holly Jensen" <leave-insidersavings-64791891X at mail15.checkyourinbox.com>
To: STAVER at FIMBLE.COM
Subject: The Harry Potter Book Club
Date: Mon, 30 Jun 2003 21:31:25 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=="
List-Unsubscribe: <mailto:leave-insidersavings-64791891X at mail15.checkyourinbox.com>
Reply-To: leave-insidersavings-64791891X at mail15.checkyourinbox.com
X-Spam-Status: No, hits=2.4 required=4.5
tests=CLICK_BELOW,HTML_50_60,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
MSG_ID_ADDED_BY_MTA_3,RISK_FREE
version=2.55
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
This is a multi-part message in MIME format.
--==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
So, I'm confused as to how this email keeps getting by - I have them
rejected at the mailserver level. So, I don't know if they are spoofing
something, because I don't get how it could get through. Since my
sendmail config isn't blocking it - does anybody know how to "blacklist"
a domain in spamassassin? I have made spamassassin "learn" that emails
like this one are spam, and I have sendmail reject them - but I still
get a few a day from these bastards, and I don't know what else to do
about it...
More information about the clue-tech
mailing list