I am also getting inundated with German gibberish spam. Would you mind explaining the significance (if any) of the email address that you posted? I am finding that the German Gibberish garbage is spoofing a different email address with each posting.
Thanks
Mike

On 5/16/05, Bart Silverstrim <[EMAIL PROTECTED]> wrote:
>
> Some more info...
>
> I see in our amavis logs on our ClamAV system (postfix pre-filter
> FreeBSD for email) this kind of listing...
> /usr/local/sbin/amavisd[35705]: (35705-10) Blocked INFECTED
> (Worm.Sober.P), <[EMAIL PROTECTED]> ->
> <f-Ge2_bV@<address snipped>>, Hits: -, tag=0, tag2=4, kill=4, L/0/0/0
>
> That address had been hammering us over and over for awhile with
> sober.p. Now it's become quiet.
>
> I notice a huge amount of German messages coming in, getting past the
> AV and our spam filter. I went into the Exchange server and there was
> one sample message in one of the recipient mailboxes with the following
> in the headers:
>
> Received: from oncsbuv.com
> (aolclient-24-25-128-223.aol.nycap.res.rr.com [24.25.128.223])
>
> The message has the German subject line and the text appears to be just
> a link to a website...?
>
> Perhaps we now know what happened to sober.p?
>
> (anyone know offhand how to use the access file for postfix to reject a
> message by *sender* instead of recipient?)
>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-users.html
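The correlation described in the quoted message (a host that was blocked for Worm.Sober.P later showing up in the Received header of mail that was delivered) can be checked mechanically. The following is an added example, not part of the original thread; the log lines, headers, host names and addresses are constructed, and it assumes the envelope-sender domain in the amavis line is the sending host's name.

```python
import re
from collections import Counter

# amavisd "Blocked INFECTED" line, in the shape quoted in the thread.
BLOCKED = re.compile(r"Blocked INFECTED \((?P<virus>[^)]+)\), <(?P<sender>[^>]*)> -> ")
# One Received hop: "from HELO (rdns-name [ip])", tolerating header folding.
RECEIVED = re.compile(
    r"^Received: from (?P<helo>\S+)\s+\((?P<rdns>\S+)\s*\[(?P<ip>[\d.]+)\]\)", re.M)

# Constructed sample data (placeholder hosts and documentation-range IPs).
AMAVIS_LOG = """\
amavisd[35705]: (35705-10) Blocked INFECTED (Worm.Sober.P), <f1@dsl-10.isp.example> -> <u1@example.org>, Hits: -, tag=0, tag2=4, kill=4, L/0/0/0
amavisd[35705]: (35705-11) Blocked INFECTED (Worm.Sober.P), <zz@DSL-10.isp.example> -> <u2@example.org>, Hits: -, tag=0, tag2=4, kill=4, L/0/0/0
amavisd[35711]: (35711-02) Blocked INFECTED (Worm.Sober.P), <q@other.example> -> <u1@example.org>, Hits: -, tag=0, tag2=4, kill=4, L/0/0/0
"""
DELIVERED = [
    "Received: from mx.example.org (mx.example.org [192.0.2.1]) by exch.example.org\n"
    "Received: from oncs.example (dsl-10.isp.example [198.51.100.23])\n"
    "\tby mx.example.org\nSubject: constructed sample\n",
    "Received: from mail.good.example (mail.good.example [203.0.113.5])\n"
    "\tby mx.example.org\nSubject: hello\n",
]

def infected_sender_hosts(log_text):
    """Count blocked-virus hits per (envelope-sender domain, virus name)."""
    hits = Counter()
    for m in BLOCKED.finditer(log_text):
        domain = m.group("sender").rpartition("@")[2].lower()
        if domain:  # skip the null sender "<>"
            hits[(domain, m.group("virus"))] += 1
    return hits

def delivered_from_infected(headers_list, hits):
    """List (rdns, ip, virus, count) for delivered mail relayed by a host
    that was previously blocked as infected. Every Received hop is checked,
    so hops below our own MTA's can be forged; treat hits as triage leads."""
    by_host = {}
    for (domain, virus), count in hits.items():
        by_host.setdefault(domain, []).append((virus, count))
    found = []
    for headers in headers_list:
        for m in RECEIVED.finditer(headers):
            rdns = m.group("rdns").lower()
            for virus, count in by_host.get(rdns, []):
                found.append((rdns, m.group("ip"), virus, count))
    return found

if __name__ == "__main__":
    for row in delivered_from_infected(DELIVERED, infected_sender_hosts(AMAVIS_LOG)):
        print("delivered mail from previously infected host:", row)
```

Because the envelope sender changes with each message, the client host and IP from the Received header are the more stable keys for any follow-up filtering.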