[CLUE-Tech] bad trick

Tue Jul 1 00:09:01 MDT 2003

I have a problem - I have an extensive "ban list" on my server to help 
combat spam.  What I mean is, I religously update /etc/mail/access with 
lines like this:

checkyourinbox.com REJECT

I after I edit that file, besides just running /etc/rc.d/init.d/sendmail 
restart, I run through these steps in /etc/mail:

make clean
make all
newaliases
/etc/rc.d/init.d/sendmail restart

I have had that checkyourinbox.com line in there for weeks now - yet 
everyday, I get annoying emails from them. I have included the headers 
below from my latest:

Message-Id: <200307010213.h612DN5l014529 at fimble.com>
From: "Holly Jensen" <leave-insidersavings-64791891X at mail15.checkyourinbox.com>
To: STAVER at FIMBLE.COM
Subject: The Harry Potter Book Club
Date: Mon, 30 Jun 2003 21:31:25 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=="
Reply-To: leave-insidersavings-64791891X at mail15.checkyourinbox.com

This is a multi-part message in MIME format.

--==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

So, I'm confused as to how this email keeps getting by - I have them 
rejected at the mailserver level.  So, I don't know if they are spoofing 
something, because I don't get how it could get through.  Since my 
sendmail config isn't blocking it - does anybody know how to "blacklist" 
a domain in spamassassin? I have made spamassassin "learn" that emails 
like this one are spam, and I have sendmail reject them - but I still 
get a few a day from these bastards, and I don't know what else to do 
about it...