On Wed, 28 Oct 2009, Jeremy Davila wrote:
> How can I prevent this from happening?
As far as the "my address isn't in the To: header", you can't. That would
break lots of legitimate email, like BCCs and (as Evan pointed out) mail
from this mailing list.
> I'm currently using Exim for the SMTP relay then passing to Lotus
> Domino. Any suggestions will be appreciated.
Is SpamAssassin anywhere in there? If so, we're back to a simple case of
"why did this spam get through SA?" If not, we probably can't help you.
The fact that you don't know the difference between the To: header and the
envelope suggests you aren't the administrator of your email system. Is
that indeed the case? If you aren't the admin then you should be talking
to your admin about this, and (s)he can contact us if help is needed in
troubleshooting your SA install.
If you _are_ the admin for your mail system, we need to know things like
how SA is hooked into your mail system (I assume it's being called somehow
by Exim - how?), and we need to see samples of spam messages that got
through. Those samples _must_ be complete - _all_ headers must be intact,
including the ones your mail client is not showing you - and they should
be posted to a website (like pastebin.com) rather than being mailed to the
list.
Getting usable samples out of Domino is going to be, unfortunately, your
problem. Somebody here may be able to give advice how to do that.
When that is done we may be able to provide suggestions for changes to
your SA install.
John Hardin <jhar...@impsec.org>
On Wed, 28 Oct 2009, Jeremy Davila wrote:
> I'm getting spam which is addressed to another person in my company,
> but it is getting sent to me. So in my inbox the To field is Kristin,
> but in Jeremy's inbox.
The information in the To: header has nothing to do with who actually
receives the message. Delivery is controlled by the "envelope To", which
is the "please send this message to" address communicated during message
transfer between mail programs.
There are more details available if you google "smtp envelope to address".
It's risky to use "my address isn't in the to:" as a spam sign, because
blind carbon copies would always hit and forwarded messages (e.g. from
your gmail account to your ISP account) would likely hit.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
3 days until Halloween
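
Added example (not part of the original thread): the To: header versus envelope recipient distinction described above, checked on two constructed messages. It assumes the receiving MTA recorded the envelope recipient in an Envelope-to: header; all addresses, hosts and function names are made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample 1: To: shows kristin, but the envelope recipient is jeremy.
SPAM_SAMPLE = """\
Received: from mail.sender.example ([192.0.2.10])
\tby mx.company.example with esmtp
\tfor <jeremy@company.example>; Wed, 28 Oct 2009 10:00:00 -0400
Envelope-to: jeremy@company.example
From: "Offers" <promo@sender.example>
To: Kristin <kristin@company.example>
Subject: constructed spam sample

body
"""

# Constructed sample 2: legitimate mailing-list mail. To: shows the list
# address; the list server put the subscriber only in the envelope.
LIST_SAMPLE = """\
Received: from lists.example ([192.0.2.20])
\tby mx.company.example with esmtp
\tfor <jeremy@company.example>; Wed, 28 Oct 2009 11:00:00 -0400
Envelope-to: jeremy@company.example
From: Some Poster <poster@other.example>
To: users@lists.example
Subject: constructed list sample

body
"""

def addresses(msg, *names):
    """Lower-cased addresses found in the named header fields."""
    fields = [v for n in names for v in msg.get_all(n, [])]
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def compare(raw):
    """Return displayed recipients, envelope recipients, and their difference."""
    msg = message_from_string(raw)
    header = addresses(msg, "To", "Cc")        # what the sender chose to display
    envelope = addresses(msg, "Envelope-to")   # who the MTA actually delivered to
    return {"header": header, "envelope": envelope,
            "envelope_not_in_header": envelope - header}

if __name__ == "__main__":
    for name, raw in (("spam", SPAM_SAMPLE), ("list", LIST_SAMPLE)):
        print(name, compare(raw))
```

Both messages produce the same "envelope recipient not in To:" result, which is why that condition alone cannot separate the spam from the list mail.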