Hello all! I have recently come across a few spams that I am trying to
block. The anatomy of the message probably isn't new to most of you,
but when I try to recreate the spoofed sections that I wish to filter by
hand over telnet, it's clear that I am not understanding how the messages
are being built. Example to follow below.

Note the From line is spoofed to be wo...@mydomain.com,
i...@spamdomain.com, senten...@spamdomain.com, which appears to my users
as coming from a user in my domain. I'd like to filter against this, but
when I go into telnet and try to make a mail with a From field so
deformed, my mail server spits back "I can break things too" and quits
my connection. How can I manually recreate this spoof so that I can
learn how to filter it out?

Thanks for your pointers!
Joshua Kordani
jkord...@intlogsys.com
X-Account-Key: account2
X-Mozilla-Keys:
Return-Path: <remodel...@frailich.com>
Received: from murder ([unix socket])
by mydomain.com (Cyrus v2.3.7-Invoca-RPM-2.3.7-2.el5) with LMTPA;
Thu, 25 Feb 2010 11:20:39 -0500
X-Sieve: CMU Sieve 2.3
Received: from localhost (mylocalhostname [127.0.0.1])
by mydomain.com (Postfix) with SMTP id 6C663D8863
for <emplo...@mydomain.com>; Thu, 25 Feb 2010 11:20:39 -0500 (EST)
Received: from work.frailich.com (work.frailich.com [64.120.12.102])
by mydomain.com (Postfix) with SMTP id 01F22D8854
for <mgrinn...@intlogsys.com>; Thu, 25 Feb 2010 11:20:38 -0500 (EST)
To: <emplo...@mydomain.com>
From: bathr...@mydomain.com, remodel...@frailich.com
Reply-To: <bathroomremodel...@frailich.com>
Subject: Bathroom Remodeling Ideas
Date: Thu, 25 Feb 2010 11:20:37 -0500
MIME-Version: 1.0
Content-type: text/html
Message-Id: <20100225162039.01f22d8...@mydomain.com>
X-Antispam: NO; Spamcatcher 4.1.11. Score 57
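
Added example, not part of the original post: a Python check for the header shape shown above, where one From field carries several mailboxes and mixes the local domain with a foreign one while Return-Path is foreign. The domain `example.com`, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "example.com"  # assumption: stands in for mydomain.com

# Constructed sample modelled on the headers in the post (addresses are made up).
SPOOFED = """\
Return-Path: <promo@spam.example.net>
To: <employee@example.com>
From: bathroom@example.com, promo@spam.example.net
Reply-To: <promo@spam.example.net>
Subject: Bathroom Remodeling Ideas

body
"""

# Constructed control message: one local sender, local Return-Path.
LEGIT = """\
Return-Path: <alice@example.com>
To: <employee@example.com>
From: Alice <alice@example.com>
Subject: Lunch

body
"""

def domain(addr):
    """Lower-cased domain part of an addr-spec."""
    return addr.rpartition("@")[2].lower()

def from_header_findings(raw, local_domain=LOCAL_DOMAIN):
    """Return a list of reasons the From header looks forged (empty if none)."""
    msg = message_from_string(raw)
    findings = []
    from_values = msg.get_all("From", [])
    if len(from_values) != 1:
        findings.append("from-header-count")  # RFC 5322 allows exactly one From field
    mailboxes = [a for _, a in getaddresses(from_values) if a]
    if len(mailboxes) > 1:
        findings.append("multiple-from-mailboxes")
        if not msg.get("Sender"):
            # RFC 5322 3.6.2: a multi-mailbox From requires a Sender field
            findings.append("missing-sender")
    domains = {domain(a) for a in mailboxes}
    if local_domain in domains and len(domains) > 1:
        findings.append("local-and-foreign-from")
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if local_domain in domains and return_path and domain(return_path) != local_domain:
        findings.append("local-from-foreign-return-path")
    return findings
```

The last finding also fires for legitimate mail that third parties send on behalf of the local domain, so it is better used as a scoring signal than as a hard reject.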