In this scenario you're better off trying to help others clean up their networks than to try to block or filter based on the content. As you stated, they are the Gorillas of mail and you can't really block them. So, work with them. Believe it or not, these records are published because people are behind those phone numbers and addresses. Help them to do their jobs by getting them the information they need.

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName:   Hotmail Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  [EMAIL PROTECTED]

OrgAbuseHandle: IC146-ARIN
OrgAbuseName:   Cox Communications, Inc
OrgAbusePhone:  +1-404-269-7626
OrgAbuseEmail:  [EMAIL PROTECTED]

Send a copy of the original email below with full headers to the above addresses. The originating client IP is in Cox's broadband cable network in Oklahoma:

Name: ip68-97-155-25.ok.ok.cox.net
Address: 68.97.155.25

M$ can put a hold on or disable the Hotmail account. Cox can either kill the customer if he/she is a repeat offender or assist in getting the PC cleaned up if it's a zombie infection.



James Robertson wrote:
Recently we noticed an increase in junk and discovered that it's coming from Hotmail (and to a lesser extent Yahoo).

The problem is that these spammers are smarter than the average spammer.

They don't spam flat out all the time (not to us anyway) and since the mail comes from Hotmail's servers and they use a Hotmail address "<[EMAIL PROTECTED]>" then they get by Postfix and Spamassassin quite easily.

I have not tested it but I would imagine greylisting would fail since hotmail's servers will do the normal thing and retry later (using same sender address etc).

Most of what we have been getting is drugs-related junk, so I increased the scores in Spamassassin accordingly, which has helped, but some still gets by based on different content in the messages, and obviously if they change tactics and start doing weight loss etc. then it will probably get in.

We cannot block hotmail due to valid mail coming from there. Is there a way in Postfix that could filter out this junk somehow?

Below are some examples

##########################################################

Microsoft Mail Internet Headers Version 2.0
Received: from mail.icfrith.com.au ([XXX.XXX.XXX.XXX]) by icfmail1.icfrith.com.au with Microsoft SMTPSVC(5.0.2195.6713);
            Tue, 19 Aug 2008 23:59:42 +1000
Received: from localhost (localhost.localdomain [127.0.0.1])
           by mail.icfrith.com.au (Postfix) with ESMTP id DD64D2B959
           for <[EMAIL PROTECTED]>; Tue, 19 Aug 2008 23:59:43 +1000 (EST)
X-Virus-Scanned: Debian amavisd-new at icfrith.com.au
X-Spam-Score: -0.144
X-Spam-Level:
X-Spam-Status: No, score=-0.144 required=5.31 tests=[BAYES_00=-2.599,
           DCC_CHECK=2.17, DRUGS_ERECTILE=0.282, HTML_MESSAGE=0.001,
           ONLINE_PHARMACY=0.001, TVD_VISIT_PHARMA=0.001]
Received: from mail.icfrith.com.au ([127.0.0.1])
           by localhost (icfsydmxg-vm.icfrith.com.au [127.0.0.1]) (amavisd-new, port 10024)
           with ESMTP id JLdoDGWcLqRX for <[EMAIL PROTECTED]>;
           Tue, 19 Aug 2008 23:59:40 +1000 (EST)
Received: from blu0-omc3-s29.blu0.hotmail.com (blu0-omc3-s29.blu0.hotmail.com [65.55.116.104])
           by mail.icfrith.com.au (Postfix) with ESMTP id 00ED62B905
           for <[EMAIL PROTECTED]>; Tue, 19 Aug 2008 23:59:34 +1000 (EST)
Received: from BLU135-W36 ([65.55.116.73]) by blu0-omc3-s29.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
           Tue, 19 Aug 2008 06:59:27 -0700
Message-ID: <[EMAIL PROTECTED]>
Content-Type: multipart/alternative;
           boundary="_605a643e-57e1-4566-b4f5-80149ef06c75_"
X-Originating-IP: [68.97.155.25]
From: Nancy Johnson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Back into the youth - only with Viagra Professional
Date: Tue, 19 Aug 2008 13:59:26 +0000
Importance: High
MIME-Version: 1.0
X-OriginalArrivalTime: 19 Aug 2008 13:59:27.0695 (UTC) FILETIME=[CB5F55F0:01C90203]
Return-Path: [EMAIL PROTECTED]

--_605a643e-57e1-4566-b4f5-80149ef06c75_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--_605a643e-57e1-4566-b4f5-80149ef06c75_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


--_605a643e-57e1-4566-b4f5-80149ef06c75_--

#################################################################

Microsoft Mail Internet Headers Version 2.0
Received: from mail.icfrith.com.au ([XXX.XXX.XXX.XXX]) by icfmail1.icfrith.com.au with Microsoft SMTPSVC(5.0.2195.6713);
            Tue, 19 Aug 2008 20:55:59 +1000
Received: from localhost (localhost.localdomain [127.0.0.1])
           by mail.icfrith.com.au (Postfix) with ESMTP id 5A7AC2B961
           for <[EMAIL PROTECTED]>; Tue, 19 Aug 2008 20:56:00 +1000 (EST)
X-Virus-Scanned: Debian amavisd-new at icfrith.com.au
X-Spam-Score: 1.728
X-Spam-Level: *
X-Spam-Status: No, score=1.728 required=5.31 tests=[BAYES_50=0.001,
           DRUGS_ERECTILE=0.282, FB_CIALIS_LEO3=1.441, HTML_MESSAGE=0.001,
           SUBJECT_DRUG_GAP_C=0.003]
Received: from mail.icfrith.com.au ([127.0.0.1])
           by localhost (icfsydmxg-vm.icfrith.com.au [127.0.0.1]) (amavisd-new, port 10024)
           with ESMTP id oFVqnG2CBkCi for <[EMAIL PROTECTED]>;
           Tue, 19 Aug 2008 20:55:52 +1000 (EST)
Received: from blu0-omc2-s17.blu0.hotmail.com (blu0-omc2-s17.blu0.hotmail.com [65.55.111.92])
           by mail.icfrith.com.au (Postfix) with ESMTP id 6700E2B905
           for <[EMAIL PROTECTED]>; Tue, 19 Aug 2008 20:55:45 +1000 (EST)
Received: from BLU118-W8 ([65.55.111.72]) by blu0-omc2-s17.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
           Tue, 19 Aug 2008 03:55:42 -0700
Message-ID: <[EMAIL PROTECTED]>
Content-Type: multipart/alternative;
           boundary="_de1bbbbe-6bd9-42f3-a8c2-16a3ba887632_"
X-Originating-IP: [119.141.38.224]
From: Nancy Taylor <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Amplify your sexual power with Soft Cialis.
Date: Tue, 19 Aug 2008 10:55:42 +0000
Importance: High
MIME-Version: 1.0
X-OriginalArrivalTime: 19 Aug 2008 10:55:42.0785 (UTC) FILETIME=[20039310:01C901EA]
Return-Path: [EMAIL PROTECTED]

--_de1bbbbe-6bd9-42f3-a8c2-16a3ba887632_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--_de1bbbbe-6bd9-42f3-a8c2-16a3ba887632_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


--_de1bbbbe-6bd9-42f3-a8c2-16a3ba887632_--






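Added example, not part of the original thread: a sketch of pulling the evidence for an abuse report out of the full headers, accepting the `X-Originating-IP` value only when the hop recorded by our own MTA shows the message was handed over by the provider's servers. The function names and the `our_mta` / `provider_suffix` parameters are assumptions made for this illustration; the sample is constructed from the first example's headers.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: Received chain and X-Originating-IP trimmed from the
# first example on this page (newest hop first, as in a real message).
SAMPLE = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.icfrith.com.au (Postfix) with ESMTP id DD64D2B959;
    Tue, 19 Aug 2008 23:59:43 +1000 (EST)
Received: from blu0-omc3-s29.blu0.hotmail.com (blu0-omc3-s29.blu0.hotmail.com [65.55.116.104])
    by mail.icfrith.com.au (Postfix) with ESMTP id 00ED62B905;
    Tue, 19 Aug 2008 23:59:34 +1000 (EST)
Received: from BLU135-W36 ([65.55.116.73]) by blu0-omc3-s29.blu0.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.3959); Tue, 19 Aug 2008 06:59:27 -0700
X-Originating-IP: [68.97.155.25]

"""

# "from HELO (rdns [ip]) by host": HELO is client-supplied; the name inside
# the parentheses is what the receiving MTA resolved for the connecting IP.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def parse_ip(text):
    """Return an ip_address for '[a.b.c.d]' or 'a.b.c.d', or None if invalid."""
    try:
        return ipaddress.ip_address(text.strip().strip("[]"))
    except ValueError:
        return None

def boundary_hop(msg, our_mta):
    """Newest Received line where our own MTA accepted mail from a public IP."""
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        ip = parse_ip(m.group(3)) if m else None
        if ip and ip.is_global and m.group(4).lower() == our_mta:
            return {"rdns": m.group(2) or "", "ip": str(ip)}
    return None

def abuse_evidence(raw, our_mta, provider_suffix):
    """Pick out the relay and client IPs an abuse desk needs from raw headers."""
    msg = message_from_string(raw)
    hop = boundary_hop(msg, our_mta)
    if hop is None:
        return None
    # Headers below our boundary hop are only as reliable as whoever handed
    # us the message, so accept X-Originating-IP only if that was the provider.
    via_provider = hop["rdns"].lower().endswith(provider_suffix)
    claimed = parse_ip(msg.get("X-Originating-IP") or "")
    client_ip = str(claimed) if via_provider and claimed else None
    return {"relay_ip": hop["ip"], "via_provider": via_provider, "client_ip": client_ip}

if __name__ == "__main__":
    print(abuse_evidence(SAMPLE, "mail.icfrith.com.au", ".hotmail.com"))
```

The relay IP goes to the mail provider's abuse contact and the client IP to the access network's, each with the unmodified headers attached.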