> > > I agree. It seems funny to do a check for SPAM and not do
> > > any sort of check for open relay.
> >
> > I'm no expert on Received headers, but:
> >
> > Received: from 212.214.136.47 (EHLO smtp-fe2.ballou.se)
>   (212.214.136.47) by mta128.mail.sc5.yahoo.com with SMTP;
>   Thu, 11 Dec 2003 22:14:46 -0800
> Received: by smtp-fe2.ballou.se (Postfix, from userid 503) id
>   5F42490991; Fri, 12 Dec 2003 08:14:28 +0100 (CET)
> Received: from localhost [127.0.0.1] by smtp-fe2 with SpamAssassin
>   (2.60 1.212-2003-09-23-exp); Fri, 12 Dec 2003 08:14:28 +0100
>
> Isn't that last header saying that the outgoing mail/smtp connection
> was made from a local machine, using user-id 503?

Yes... perhaps some other security hole than an open relay is in place. For example, perhaps there's a CGI script which sends email and doesn't adequately verify variables. Or perhaps the box is rooted and the spammer is using command-line sendmail.

It looks to me as though userid 503 is probably the postfix user or possibly the spamassassin user, not necessarily the initiator of the outgoing mail.

_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
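
Added example, not part of the original thread: a small Python classifier for the three Received headers quoted above, showing how to tell a hop accepted over the network from one handed over locally. Postfix writes "from userid N" when a message is submitted locally instead of arriving over SMTP. The function names and the CONSTRUCTED_RELAY header are assumptions made for illustration.

```python
import ipaddress
import re

# Received values from the quoted message, unfolded, newest first.
QUOTED = [
    "from 212.214.136.47 (EHLO smtp-fe2.ballou.se) (212.214.136.47) "
    "by mta128.mail.sc5.yahoo.com with SMTP; Thu, 11 Dec 2003 22:14:46 -0800",
    "by smtp-fe2.ballou.se (Postfix, from userid 503) id 5F42490991; "
    "Fri, 12 Dec 2003 08:14:28 +0100 (CET)",
    "from localhost [127.0.0.1] by smtp-fe2 with SpamAssassin "
    "(2.60 1.212-2003-09-23-exp); Fri, 12 Dec 2003 08:14:28 +0100",
]
# Constructed for contrast: what an inbound SMTP hop on the same host looks like.
CONSTRUCTED_RELAY = ("from mail.example (unknown [203.0.113.9]) by smtp-fe2.ballou.se "
                     "(Postfix) with SMTP id 0000000000; Fri, 12 Dec 2003 08:14:00 +0100")

LOCAL_UID = re.compile(r"\(Postfix, from userid (\d+)\)")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)")

def classify(value):
    """Return (kind, detail, by_host) for one unfolded Received value."""
    hop = value.split(";", 1)[0]              # drop the timestamp
    by = BY_HOST.search(hop)
    by_host = by.group(1).lower() if by else None
    if hop.startswith("from "):
        ip = IPV4.search(hop.split(" by ", 1)[0])
        if ip:
            addr = ipaddress.ip_address(ip.group(0))
            kind = "loopback" if addr.is_loopback else "remote-smtp"
            return kind, str(addr), by_host
    uid = LOCAL_UID.search(hop)
    if uid:                                   # no "from" clause: handed over locally
        return "local-submission", int(uid.group(1)), by_host
    return "unknown", None, by_host

def accepted_from_network(headers, short_name):
    """True if `short_name` logged a hop whose client was a non-loopback address."""
    for value in headers:
        kind, _, by_host = classify(value)
        if kind == "remote-smtp" and by_host and by_host.split(".")[0] == short_name:
            return True
    return False

if __name__ == "__main__":
    for v in QUOTED:
        print(classify(v))
    print(accepted_from_network(QUOTED, "smtp-fe2"))
```

Only headers written by servers you control or trust are reliable evidence; anything below them in the chain can be supplied by the sender.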