On Fri, 27 Mar 2009 09:44:21 +1100 "Ross Tsolakidis" <ross.tsolaki...@day3.com.au> wrote:
> Just change the users password and slap them for clicking on the link. > Easy. Easy but tedious. I had to resort to installing postfix-policyd to rate limit them. (Make sure you have Squirrel use auth so regardless of forged-from lines, you still rate limit accounts). > > However, my question (finally) is :) > > Received: from 217.21.80.109 > (SquirrelMail authenticated user > redac...@fearmail.com.au > by webmail.fearmail.com.au with HTTP; > > I have no user called 'redacted' in our email user auth database, I've > checked and rechecked, and the bulk of these messages all have the > same headers; redacted = edited. Whoever sent that as part of a spam complaint removed the actual information there as part of their complaint mechanism (so they don't leak who complained or the address of a spamtrap). Isn't that helpful? Odds are you can find the information by looking in your queue and using postcat on some of the mail that is backlogged. (And, of course, postsuper -d away all the backlogged spam. Else, when you get unblacklisted, the flood gates will open again and you'll be back on the list.)
