I would gladly block that 38.113.3.xx address in postfix like I blocked
those other 2000 ip-segments but.. they are not the actual sender. They
relay it to spambots I think:
Received: from 127ppp11.telegraph.spb.ru (127ppp11.telegraph.spb.ru
[213.158.11.127])
by *** (Postfix) with ESMTP id
Chris Santerre wrote on Fri, 15 Jul 2005 14:24:55 -0400:
> I played too much PSP and it has affected my brain pod :)
Well, have a nice weekend with or without the PSP :-)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http:/
> -Original Message-
> From: Kai Schaetzl [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 15, 2005 1:15 PM
> To: users@spamassassin.apache.org
> Subject: Re: this receive line only in spam
>
>
> Chris Santerre wrote on Fri, 15 Jul 2005 11:59:33 -0400:
>
Chris Santerre wrote on Fri, 15 Jul 2005 11:59:33 -0400:
> That subnet is listed in spews. Block away!
Spews is not reliable at all, don't use it for blocking!
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & h
>...
>
>FYI,
>I got another receive line here that occurs only in spam, with always the
>same ip-segment (not the ip-address that actually delivers the mail).
>First I tagged it with SA but now I block the mail in postfix, 15% less
>spam!
>Maybe somebody recognizes these lines. It's the second rec
> -Original Message-
> From: Menno van Bennekom [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 15, 2005 10:41 AM
> To: users@spamassassin.apache.org
> Subject: Re: this receive line only in spam
>
>
> FYI,
> I got another receive line here that occurs only
FYI,
I got another receive line here that occurs only in spam, with always the
same ip-segment (not the ip-address that actually delivers the mail).
First I tagged it with SA but now I block the mail in postfix, 15% less
spam!
Maybe somebody recognizes these lines. It's the second receive line, an
FYI,
Made a small rule for this and it gets hit every day so far without any FPs.
So if anyone is interested:
header PORT_HELO Received =~ /from \[[0-9\.]*\] \(port\=[0-9][0-9][0-9][0-9] helo\=\[[a-zA-Z]*\]\)/
describe PORT_HELO Header contains special port and helo
score PORT_HELO 10.00
Menno
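
One way to check what the PORT_HELO rule above does and does not hit before trusting its score, as an added example that is not part of the original post. The regex is a Python translation of the posted pattern, the Received headers are constructed samples, and joining folded header lines with a single space is an assumption about how the header text reaches the rule.

```python
import re
from email import message_from_string

# Python translation of the PORT_HELO pattern posted above.
PORT_HELO = re.compile(
    r"from \[[0-9.]*\] \(port=[0-9][0-9][0-9][0-9] helo=\[[a-zA-Z]*\]\)"
)

# Constructed sample message (documentation addresses, made-up hosts).
# The second Received header is folded across two lines on purpose.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org (Postfix) with ESMTP id CONSTRUCTED1
Received: from [198.51.100.7] (port=3412
\thelo=[abcdef]) by relay.example.net with esmtp
From: sender@example.com
Subject: constructed test

body
"""


def unfold(value):
    """Collapse folding whitespace to single spaces (assumed normalization)."""
    return " ".join(value.split())


def received_lines(raw):
    """Return every Received header of a raw message, unfolded."""
    msg = message_from_string(raw)
    return [unfold(v) for v in msg.get_all("Received", [])]


def port_helo_hits(raw):
    """Return the Received headers in a raw message that match PORT_HELO."""
    return [h for h in received_lines(raw) if PORT_HELO.search(h)]


def matches(header_value):
    """True if a single Received header value matches PORT_HELO."""
    return PORT_HELO.search(unfold(header_value)) is not None


if __name__ == "__main__":
    for line in received_lines(SAMPLE):
        print("HIT " if matches(line) else "miss", line)
```

Running it over a ham corpus the same way gives a quick false-positive count for the rule.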
>
> But I'm not so sure yet so my question is do you know of any HAM that uses
> receive lines like this?
Not sure, but running some mass-checks now to see.
Loren
I get a lot of med-spams lately that look the same, short, 2 lines with
one url, below that some text (from a book?).
Often it gets marked as spam because of the url, but not always because
bayes has no real grip on this mail.
Maybe there is a way to recognise them in the second receive-line becaus