On Sat, 2008-03-22 at 19:31 +0100, Arvid Ephraim Picciani wrote: > > http://rafb.net/p/S95P6c12.html
Yes, this is a spam alright. The Message-Id alone tells so. See my rule KB_RATWARE_MSGID in bug 5830 [1]. > second, i'd love to go and slap some ISPs a round a little for not even > having > an abuse@ adress. my complaint at telecomitalia just bounced. It's like > saing "yeah our customers do spam, so what?". So how do we punish them a This is an unrelated, different topic -- see your Subject. Please start a new thread in such a case. > little? block them from the internet? impossible. DDOS? too childish. And illegal in most parts of this world, one might add... > i guess the most effective way would be to find some email adresses of chiefs > and relay all the spam from their network directly to their mailbox. until This *IS* a (D)Dos. Do not do that. > oh. another thing. there is a forged received header in the mail i think > (knowledge of email rfcs ends here) why didnt sa see it? No violation of RFCs, but you are right -- the first Received header is forged. My rule FORGED_RELAY_MUA_TO_MX is designed to catch this kind of forged Received headers with direct delivery to MX. See bug 5817 [2]. As to why SA doesn't see it (out of the box) currently is easy. Because no one spotted a pattern and wrote the code before. Well, until early Feb. ;) guenther [1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5830 [2] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5817 -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
