What would be the best way (i know best is subjective) to block a message like the one below ?
Would adding microsoft.com to my SPAMDOMAINS file work ??
No, that wouldn't work -- the E-mail was sent with a return address of <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]
However, this one appears to be a virus --
Received: from av3.stonline.sk [213.81.152.34] by updatenyc.com with ESMTP
(SMTPD32-8.04) id A1CA33F0062; Tue, 18 Nov 2003 03:01:14 -0500
Received: from smtp.stonline.sk ([192.168.4.53])
by av3.stonline.sk (8.12.10/8.11.6) with ESMTP id hAI7wHJi029648
for <<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>; Tue, 18 Nov 2003 08:58:17 +0100
Received: from rwos (telecom-213-161-129.telecom.sk [213.81.161.129])
by smtp1.stonline.sk (STOnline ESMTP Server)
with SMTP id <<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED] > for <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED];
Tue, 18 Nov 2003 08:58:17 +0100 (MET)
It looks like it came from a "good" mailserver that received it from a dialup client, and:
Date: Tue, 18 Nov 2003 08:57:50 +0100 (MET) Date-warning: Date header was inserted by smtp1.stonline.sk
It was originally missing a Date: header (thank smtp1.stonline.sk for "fixing up" the E-mail to make it less likely to be blocked!).
From: Microsoft Corporation Network Security Center <<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>
Subject: Network Security Update
To: Commercial User <<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>
... and uses virus-like From:/Subject:/To: headers.
Message-id: <<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>
Good old stonline.sk -- had they not altered the headers, this E-mail would have failed both the BADHEADERS and SPAMHEADERS tests.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
