Jose Hales-Garcia put forth on 4/11/2011 4:47 PM:
> Hello,
>
> I've recently been getting spam that has the first received header filled in
> with multiple users. This is an example.
>
> Received: from 79.14.233.16 (account <user1@domain>,
> <user2@domain>, <snip>
> <user20@domain> HELO domain)
> by domain (CommuniGate Pro SMTP 5.2.3)
> with ESMTPA id 107437582 for <user1@domain>; Mon, 11 Apr 2011 10:19:10
> +0100
>
> My first idea for handling these messages is writing a filter in
> header_checks using regexp. Is this the best approach to take using Postfix
> 2.4.3?

Probably not. Provide the full header and we may be able to give you better options. If this is bot spam or snowshoe spam, there are much better ways to deal with it, but we need to see the source IP. If it's phish from a compromised gorilla, webmail, or other account, it's more difficult, and header_checks may be appropriate. With what you've posted thus far, it's impossible to give a definitive answer.

--
Stan
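
An added example, not part of the original thread: Python that unfolds a Received header and counts the addresses inside its `(account ... HELO ...)` clause, which is the pattern the question describes. The sample header is constructed from the one quoted above (the snipped users are placeholders), and the function names and the one-account threshold are assumptions.

```python
import re

# Constructed sample modelled on the header quoted in the thread; the users
# the poster snipped are replaced by a single placeholder address.
SAMPLE = (
    "Received: from 79.14.233.16 (account <user1@domain>,\n"
    "\t<user2@domain>,\n"
    "\t<user3@domain> HELO domain)\n"
    "\tby domain (CommuniGate Pro SMTP 5.2.3)\n"
    "\twith ESMTPA id 107437582 for <user1@domain>; "
    "Mon, 11 Apr 2011 10:19:10 +0100\n"
)

# Text between "(account" and "HELO" inside the first parenthetical.
ACCOUNT_CLAUSE = re.compile(r"\(account\s+([^()]*?)\s+HELO\s", re.IGNORECASE)
# One angle-bracketed address.
ADDRESS = re.compile(r"<([^<>\s]+@[^<>\s]+)>")


def unfold(raw_header):
    """Join folded continuation lines into one logical header line."""
    return re.sub(r"\r?\n[ \t]+", " ", raw_header).strip()


def account_addresses(raw_header):
    """Return the addresses listed in the account clause of a Received header."""
    logical = unfold(raw_header)
    if not logical.lower().startswith("received:"):
        return []
    match = ACCOUNT_CLAUSE.search(logical)
    if match is None:
        return []
    # Only the clause is searched, so the trailing "for <...>" is not counted.
    return ADDRESS.findall(match.group(1))


def has_multiple_accounts(raw_header, max_accounts=1):
    """True when the account clause names more users than max_accounts."""
    return len(account_addresses(raw_header)) > max_accounts


if __name__ == "__main__":
    print(account_addresses(SAMPLE))
    print(has_multiple_accounts(SAMPLE))
```

The unfolding step matters because the address list spans several physical lines; Postfix header_checks likewise matches each multi-line header as one logical line.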