jeff donovan wrote:
>
> On Feb 4, 2009, at 9:47 AM, Brian Evans - Postfix List wrote:
>
>> jeff donovan wrote:
>>> here is a sample of the bounce: I have modified the real user's name.
>>>
>>>
>>>
>>> Article rejected, un-authorized poster of realusern...@beth.k12.pa.us
>>> Received: from XDYHONJUP [189.22.134.132] by john23.com with ESMTP
>>> (SMTPD32-8.00) id A6C57D10052; Wed, 04 Feb 2009 08:23:17 -0500
>>> Received: from 189.22.134.132 by mail2.beth.k12.pa.us; Wed, 4 Feb 2009
>>> 11:22:50 -0300
>> If this is to be believed, then:
>> grkni...@mx1 ~ $ host 132.134.22.189.zen.spamhaus.org
>> 132.134.22.189.zen.spamhaus.org has address 127.0.0.4
>>
>> Zen wins again and this is spam accepted by your server and not
>> BackScatter.

it is backscatter. john23.com has accepted the message from 189.22.134.132. the "Received: from 189... by mail2..." is obviously forged.

>> [snip]
> /^[> ]*Message-ID:.* <!&!/ DUNNO
> /^[> ]*Message-ID:.*@(beth\.k12\.pa\.us)/ reject forged domain name in
> Message-ID: header: $1

The message-id examples work for Wietse, not for you. better not unless you know the format of all message-id generated by all MUAs of all your users!

AFAICT, you can however reject if

/^Message-ID: <>/ REJECT blah blah
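
The following is an added example, not part of the original message and not Postfix code. It replays the two rule sets from the thread over constructed Message-ID headers to show the false positive the reply warns about. It assumes Python's `re` as a stand-in for a Postfix regexp/pcre table (first match wins, case-insensitive, `$1` substitution); the sample headers and the names `check` and `evaluate` are made up for illustration.

```python
import re

# Rules quoted in the thread (Message-ID domain check), then the reply's
# narrower empty-Message-ID rule. First matching pattern wins, as in a
# Postfix lookup table; DUNNO means "treat this line as not matched".
DOMAIN_RULES = [
    (r"^[> ]*Message-ID:.* <!&!", "DUNNO"),
    (r"^[> ]*Message-ID:.*@(beth\.k12\.pa\.us)",
     "reject forged domain name in Message-ID: header: $1"),
]
EMPTY_ID_RULES = [(r"^Message-ID: <>", "REJECT blah blah")]


def check(rules, line):
    """Return the action for one header line, or None if nothing matches."""
    for pattern, action in rules:
        m = re.search(pattern, line, re.IGNORECASE)
        if m:
            # Expand $1..$9 in the action text with the captured groups.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), action)
    return None


# Constructed sample headers (assumptions, not taken from real mail).
SAMPLES = {
    "forged, seen in a bounce": "Message-ID: <000d01c986c8$1a2b3c4d@beth.k12.pa.us>",
    "local user, MUA uses own domain": "Message-ID: <4989A1F2.7010203@beth.k12.pa.us>",
    "local user, Outlook-style id": "Message-ID: <!&!AAAAAAAAAAAYAAAA@beth.k12.pa.us>",
    "empty id": "Message-ID: <>",
    "remote sender": "Message-ID: <20090204132317.GA1234@example.org>",
}


def evaluate():
    """Map each sample name to (domain-rule action, empty-id-rule action)."""
    return {name: (check(DOMAIN_RULES, hdr), check(EMPTY_ID_RULES, hdr))
            for name, hdr in SAMPLES.items()}


if __name__ == "__main__":
    for name, (domain, empty) in evaluate().items():
        print(f"{name:32} domain-rule={domain!r}  empty-rule={empty!r}")
```

The domain rule gives the same reject action to the forged header and to the local user's own MUA-generated header, while the `<>` rule touches only the empty Message-ID.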