On Tue, 19 Jul 2016, Jan-Kees van Kampen wrote:
Hi John,
It would be better if you could post a few spamples to something like
pastebin or a webserver you control and send the URLs to the list so
that we can see the complete raw messages.
here are 3 examples:
http://sandberg.nl/sp/
1 and 2 have the pattern I described before,
3 is another one
I didn't see such an obvious pattern,
but I don't know how to tackle that one neither ...
thanks,
Jan-kees
FWIW all three of those messages came from sources that are on multiple
IP-based block-lists (DNSBLs) such as spamhaus.net, spamcop.net, & abuseat.org.
If you were using those methods for filtering (either via postfix filtering or
SA scoring) those messages shouldn't have made it thru your filtering system.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
