Hi Youzef,
I am suggesting something that has been discussed controversially in the past: dont let the mail even reach SA.... I would assume that mail reaching my mailserver and saying it is from my domain would be mail submitted by one of my users, so I have changed the MTA to require authentication. At the time I did that, the only valid mail with forged sender was some kind of ebay notification, but they seem to have changed that. Your headers dont show anything about SA testing; there was a discussion about SA not scanning messages occasionally Also I would expect that emailmarketingmasters.com should show up in various RBLs - check whether you have network tests enabled Wolfgang Hamann >> >> >> Today I got a spam message which seems, at least for a newbie like me, >> succeeded in passing SA for some reason! >> >> I'm calling SA through amavisd-new and have my Rules Du Jour updated >> (manual updates so far) >> >> I would like to block such messages therefore, I'm seeking your kind >> assistance in determining how it passed the "tests" and what am I >> supposed to do in order to prevent these messages? >> >> Here are the headers of the message >> >> Return-Path: <[EMAIL PROTECTED]> >> Received: from 10.10.10.50 by mailsrv with ESMTP id 44344701140190415; >> Fri, 17 Feb 2006 18:33:35 +0300 >> Received: from kansai.savoladns.com ([10.10.10.10]) by imssr with >> trend_isnt_name_B; Fri, 17 Feb 2006 18:43:31 +0300 >> Received: from kansai.savoladns.com ([127.0.0.1]) by localhost >> (kansai.savoladns.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP >> id 19503-12 for <[EMAIL PROTECTED]>; Fri, 17 Feb 2006 18:43:23 +0300 >> (AST) >> Received: from emailmarketingmasters.com (i538754C0.versanet.de >> [83.135.84.192]) by kansai.savoladns.com (Postfix) with SMTP id >> 7B42810073 for <[EMAIL PROTECTED]>; Fri, 17 Feb 2006 18:43:21 +0300 (AST) >> Received: from 208.153.96.3 (SquirrelMail authenticated user >> [EMAIL PROTECTED]); by emailmarketingmasters.com with HTTP id >> J85Gz008484008; Fri, 17 Feb 2006 15:42:56 +0000 >> Message-Id: <[EMAIL PROTECTED]> >> Date: Fri, 17 Feb 2006 15:42:56 +0000 (18:42 AST) >> Subject: In the Heart of Your Business! >> From: Alishia Hurst <[EMAIL PROTECTED]> >> To: [EMAIL PROTECTED] >> User-Agent: SquirrelMail/1.4.3a >> X-Mailer: SquirrelMail/1.4.3a >> MIME-Version: 1.0 >> Content-Type: text/html >> X-Priority: 3 >> X-Virus-Scanned: amavisd-new at savola.com >> >> Notice that the sender used my address as their E-mail address (forged >> mail) >> >> Running: >> SA SpamAssassin Client version 3.1.0 >> amavisd-new-2.3.3 (20050822) >> Postfix 2.2.5 >> >> Sincerely, >> Yousef Raffah >> Senior Systems Administrator >> SSIS - The Savola Group >> >> --
