On 01/11/2010 05:22 AM, Jason Haar wrote:
Hi there

We've been getting a few of these leaking through in the past couple of
weeks.

http://pastebin.com/m574da717

They aren't triggering (enough) network rule matches, contain a
bayes-killer, and even FuzzyOCR can't manage the swirly image trick they
pull. Has anyone come up with a way to fight these? (I've actually added
all the phrases that occur in this image to FuzzyOCR - didn't help)

Unless you changed the headers, it looks like it came from an IP with no reverse DNS entry.

This is easy enough to stop dead in its tracks at your MTA. If there isn't any reverse DNS, the chances of it being a legitimate mail server are pretty slim.

Terry
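
One way to gauge the effect of an MTA-level reverse-DNS check before enabling it, as an added example that is not part of the original thread: the script reads the topmost Received header of saved messages and tallies, per label, how many arrived from a client with no reverse DNS. It assumes a Postfix-style header, in which the receiving MTA writes `unknown` for a client without a usable PTR record; the function names, labels and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Assumed Postfix-style trace: "from <helo> (<rdns-name> [<ip>])", where the
# receiving MTA writes "unknown" when the client IP has no usable PTR record.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<name>\S+)\s+\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]\)")

def client_of(raw_message):
    """Return (ip, rdns_name or None) for the client that connected to us."""
    headers = message_from_string(raw_message).get_all("Received") or []
    if not headers:
        return None, None
    # Only the topmost Received header was stamped by our own MTA; anything
    # below it was supplied by the sender and is not trusted here.
    m = RECEIVED_RE.search(" ".join(headers[0].split()))
    if not m:
        return None, None
    name = m.group("name")
    return m.group("ip"), (None if name == "unknown" else name)

def audit(labelled):
    """Map label -> (messages seen, messages from a client with no rDNS)."""
    tally = {}
    for label, raw in labelled:
        ip, name = client_of(raw)
        total, no_rdns = tally.get(label, (0, 0))
        missing = 1 if (ip is not None and name is None) else 0
        tally[label] = (total + 1, no_rdns + missing)
    return tally

def sample_msg(helo, name, ip):
    """Build a constructed message (documentation addresses, not real mail)."""
    return (f"Received: from {helo} ({name} [{ip}])\n"
            "\tby mx.example.org (Postfix) with ESMTP id 0000000000\n"
            "Subject: constructed sample\n\nbody\n")

SAMPLES = [  # constructed corpus: two spam, two ham
    ("spam", sample_msg("mail.example.net", "unknown", "192.0.2.55")),
    ("spam", sample_msg("pc-17", "unknown", "192.0.2.91")),
    ("ham", sample_msg("mx1.partner.example", "mx1.partner.example", "198.51.100.7")),
    ("ham", sample_msg("smallbiz", "unknown", "203.0.113.9")),
]

if __name__ == "__main__":
    for label, (total, no_rdns) in sorted(audit(SAMPLES).items()):
        print(f"{label}: {no_rdns} of {total} from clients without reverse DNS")
```

Run against your own sorted ham and spam folders, the ham count shows how much wanted mail a hard rejection at the MTA would have turned away.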
