Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Stopping SPAM via Subjectline ?

1 view
Skip to first unread message

Frank Gadegast

unread,
Jan 21, 2001, 2:02:11 PM1/21/01
to

Hi,

I receive weired SPAM with the following header over and over again ...

From MAILER-DAEMON Sun Jan 21 19:44:51 2001
Return-Path: <>
Received: from oemcomputer (dialin-155-86.tor.primus.ca
[216.254.155.86])
by www.powerweb.de (8.9.3/8.9.0.Beta5) with SMTP id TAA31642
for <weba...@powerweb.de>; Sun, 21 Jan 2001 19:44:41 +0100
Date: Sun, 21 Jan 2001 19:44:41 +0100
Message-Id: <2001012118...@www.powerweb.de>
From: Hahaha <hah...@sexyfun.net>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--VEDY30LEFCLQ38XENCTEJ4L6RKX638D"
Status: RO

The received relay host is always different making it difficult to
filter
it out.

The maillog looks like this

Jan 21 19:44:51 www sendmail[31642]: TAA31642: from=<>, size=31861,
class=0, pri
=61861, nrcpts=1, msgid=<2001012118...@www.powerweb.de>,
proto=SMTP, rel
ay=dialin-155-86.tor.primus.ca [216.254.155.86]
Jan 21 19:44:51 www sendmail[31663]: TAA31642: to=root, delay=00:00:10,
xdelay=0
0:00:00, mailer=local, stat=Sent

Sendmail is 8.9.3

How can I blocked this spammer by e.g blocking the subjectline, wich is
always the same. Or are there other ways ?

What I dont understand is: why does sendmail accept this mail anyway ?
It does not contain any sender email address, so is doesnt contain
a domain and it should be blocked, or not ?

Bad enough the attachment in this mail is a virus ...

Even worth, I have the faked Fromline hah...@sexyfun.net blocked via
the access list with a REJECT, but still get it ...


Please help, Frank
--
PHADE Software - PowerWeb http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast mailto:fr...@powerweb.de
Otto-Nagel-Str. 1a fon: +49 331 2370780
14467 Potsdam, Germany fax: +49 331 2370781
======================================================================
PowerWeb = Deutschlands Pauschal-Webhoster mit freiem
Platz im Netz Speicherplatz UND freiem Uebertragungsvolumen.

Claus Assmann

unread,
Jan 21, 2001, 6:32:35 PM1/21/01
to
Frank Gadegast wrote:

> I receive weired SPAM with the following header over and over again ...

Welcome to the club.

> Return-Path: <>

> From: Hahaha <hah...@sexyfun.net>
> Subject: Snowhite and the Seven Dwarfs - The REAL story!

> Sendmail is 8.9.3

> How can I blocked this spammer by e.g blocking the subjectline, wich is
> always the same. Or are there other ways ?

You can block e-mail based on headers.

See:
http://www.digitalanswers.org/check_local/
doc/op/op.me and cf/cf/knecht.mc for examples.


> What I dont understand is: why does sendmail accept this mail anyway ?

RFC 1123 requires to accept <> as envelope sender,
this is how DSNs are sent.

--
If you feel the urgent wish to send me a courtesy copy of a Usenet
posting, then make sure it's recognizable as such!
The FAQ: http://www.sendmail.org/faq/ Before you ask.

Leif Neland

unread,
Jan 22, 2001, 1:23:50 AM1/22/01
to
Install a virusscanner, for instance avpkeeper from kasperskylab


"Frank Gadegast" <ph...@powerweb.de> skrev i en meddelelse
news:3A6B3233...@powerweb.de...

0 new messages