Re: new kind of spam (apparently from mailer daemon)

Mon, 26 Apr 2010 01:43:24 -0700 

Dear Sir / Madam,
I don't know what's happen about the spam, I just asking you to remove me from the block list, because I can't send email to my customer. 

Please help and settle the problem.

Thanks & Best Regards,

Billy Lau
Direct Line:(852) 3969 0684 / Cell Phone:(852) 9220 1286
Email:  sal...@fashionable.com.hk

Nicer Fashion Ltd.
Tel:(852) 3969 0688
FAX:(852) 2361 9964
URL: www.fashionable.com.hk
9/F, Full View Factory Building,
50-52, Tong Mi Road, Mong Kok,
Kowloon, Hong Kong.


----- Original Message ----- 
From: "Lucio Chiappetti" <lu...@lambrate.inaf.it>

To: "Spamassassin list" <users@spamassassin.apache.org>
Sent: Monday, April 26, 2010 4:27 PM
Subject: new kind of spam (apparently from mailer daemon)



I have just found a new kind of spam which went through our spamassassin 
(actually it got a "banned" notification - we quarantine spam and virus but 
let banned be delivered).



The subject was "Delivery reports about your e-mail", the apparent 
originator was From: "MAILER-DAEMON" <nore...@ourdomain>, the body was 
empty and there was a single attachment "transcript.zip".



There are only two Received lines in the header as seen on my destination 
machine (I've edited out the local details):


Received: from our_mx by my_machine for my_address

Received: from ourdomain (localhost [113.167.75.53] (may be forged)by 
our_mx



So it looks like the spammer connected directly to our mx (one of two), 
faking its name as our domain.



To users it seems a strange mailer daemon message, since our mx are linux 
boxes and do not send zipped reports. So it is obvious spam.



My question is : is it ok to feed it into the sa-learn crontab we use for 
spam which escapes spamassassin, or the way it is forged will cause 
problems (e.g. filtering legitimate mailer daemon reports ?)



--
------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
------------------------------------------------------------------------
Citizens entrusted of public functions have the duty to accomplish them
with discipline and honour
                          [Art. 54 Constitution of the Italian Republic]
------------------------------------------------------------------------
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html
------------------------------------------------------------------------



__________ Information from ESET NOD32 Antivirus, version of virus 
signature database 5060 (20100426) __________


The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



























					Reply via email to