forged from
jcorreia
post Apr 26 2007, 09:04 PM
Post #1





Hi,
I'm using your helo checks, but today I received some spam, this time with a forged "FROM" (which exists but it's not mine), as you can see in the email source. Is there a way to check this and stop this kind of forgery?
Thanks.


QUOTE
Return-path: <contact@natuurfoto.net>
Envelope-to: jcorreia@blablalba.com
Delivery-date: Thu, 26 Apr 2007 14:15:45 +0100
Received: from atlier by server.blablalba.com with local-bsmtp (Exim 4.63)
(envelope-from <contact@natuurfoto.net>)
id 1Hh3p2-0001dh-Ov
for jcorreia@blablalba.com; Thu, 26 Apr 2007 14:15:44 +0100
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
server.blablalba.com
X-Spam-Level:
X-Spam-Status: No, score=-6.4 required=3.3 tests=DRUGS_ANXIETY,
DRUGS_ANXIETY_EREC,DRUGS_ANXIETY_OBFU,DRUGS_DIET,DRUGS_ERECTILE,
DRUGS_ERECTILE_OBFU,DRUGS_MANYKINDS,DRUGS_PAIN,DRUGS_SLEEP,DRUGS_SLEEP_EREC,
FUZZY_AMBIEN,FUZZY_CPILL,FUZZY_VLIUM,FUZZY_VPILL,USER_IN_WHITELIST
autolearn=no version=3.1.8
Received: from [124.102.45.174] (port=1866 helo=p2174-ipbf1602marunouchi.tokyo.ocn.ne.jp)
by server.blablalba.comt with smtp (Exim 4.63)
(envelope-from <contact@natuurfoto.net>)
id 1Hh3p0-0001mz-2v; Thu, 26 Apr 2007 14:15:42 +0100
X-Originating-IP: 120.0.151.224 by smtp.124.102.45.174; Thu, 26 Apr 2007 09:15:33 -0500
Message-ID: <ffjoyXPMQQatlier@blablalba.com>
From: "Earnestine Mayes" <atlier@blablalba.com>
Reply-To: "Earnestine Mayes" <atlier@blablalba.com>
To: atlier@blablalba.com
Subject: Re: Your V1agra S0ft T4bs 0rder #5758287
Date: Thu, 26 Apr 2007 09:15:33 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit


We have everything you need: Cial1s S0ft T4bs, V1agra
S0ft T4bs, Cial1s, V1agra, Lev1tra, Propec1a, Val1um, Xan4x, Amb1en,
Zyb4n, Atar4x, At1van, Car1soma, Ultr4m, Glucoph4ge,
Lip1tor, Mer1dia, Zoc0r, N0rvasc.

We respect your privacy - we guarantee you a total
anonymity of your 0rder.
Visit US He4lthc4re Inc. online at: http://www.nenebbeui.com/
pairote
post Apr 27 2007, 09:39 AM
Post #2


Administrator



There is not much you can do about a forged From unless you implement SPF. But it will create problems if you apply it too strictly. Increasing the SA score for DRUGS_ANXIETY, DRUGS_ANXIETY_EREC, DRUGS_ANXIETY_OBFU, DRUGS_DIET, DRUGS_ERECTILE is another option.
jcorreia
post Apr 27 2007, 09:49 PM
Post #3





Thanks,
that or decrease USER_IN_WHITELIST..

Ooh, how I hate spammers.....
jcorreia
post Apr 30 2007, 08:14 PM
Post #4





Hi,
I have been thinking about this and don't know if I've explained it well.
The FROM that they are sending is an email from my domain; that's why they are getting into my whitelist.
As you can see from the source, although the return path is contact@natuurfoto.net, the From is an email from my domain.

QUOTE
Return-path: <contact@natuurfoto.net>
Envelope-to: jcorreia@blablalba.com
....
From: "Earnestine Mayes" <atlier@blablalba.com>


This last From is forged. Does this change anything in the way to catch this? Maybe by crossing information from the return path with the 'from'; they should be the same, no?

Thanks
pairote
post Apr 30 2007, 08:31 PM
Post #5


Administrator



I looked at your mail header closely. Your spam score is a minus value as a result of USER_IN_WHITELIST. Usually it scores -100 but it seems you changed its value to -30. Nevertheless, removing your domain from the From whitelist should help.
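The cross-check asked about in post #4, narrowed to the case identified in post #5 (a header From on the local domain that trips the whitelist), as an added example that is not part of the thread or any participant's code. `LOCAL_DOMAINS`, `domain_of` and `audit` are hypothetical names, the sample is the quoted message with its test list shortened, and the "esmtpa"/"esmtpsa" match assumes Exim's naming for authenticated submissions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"blablalba.com"}  # assumption: the domains this server hosts

# Headers trimmed from the message quoted in post #1 (test list shortened).
SAMPLE = """\
Return-path: <contact@natuurfoto.net>
Envelope-to: jcorreia@blablalba.com
X-Spam-Status: No, score=-6.4 required=3.3 tests=DRUGS_ANXIETY,
 DRUGS_ERECTILE,FUZZY_VPILL,USER_IN_WHITELIST
 autolearn=no version=3.1.8
Received: from [124.102.45.174] (port=1866 helo=p2174-ipbf1602marunouchi.tokyo.ocn.ne.jp)
 by server.blablalba.comt with smtp (Exim 4.63)
 (envelope-from <contact@natuurfoto.net>)
From: "Earnestine Mayes" <atlier@blablalba.com>
To: atlier@blablalba.com
Subject: Re: Your V1agra S0ft T4bs 0rder #5758287

(body omitted)
"""


def domain_of(value):
    """Lower-cased domain of the address in a header value, '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def audit(raw, local_domains=LOCAL_DOMAINS):
    """Flag mail whose header From claims a local domain but which arrived
    unauthenticated with an envelope sender from somewhere else."""
    msg = message_from_string(raw)
    env, hdr = domain_of(msg.get("Return-path")), domain_of(msg.get("From"))
    # Exim records authenticated submissions as "with esmtpa"/"esmtpsa".
    authed = any(re.search(r"\bwith esmtps?a\b", r)
                 for r in msg.get_all("Received", []))
    # Unfold the comma-separated rule list before extracting it.
    status = re.sub(r",\s+", ",", msg.get("X-Spam-Status") or "")
    tests = re.search(r"tests=(\S+)", status)
    tests = set(tests.group(1).split(",")) if tests else set()
    findings = []
    if hdr in local_domains and env not in local_domains and not authed:
        findings.append("local From, external envelope sender, no SMTP auth")
        if "USER_IN_WHITELIST" in tests:
            findings.append("USER_IN_WHITELIST fired on the forged From")
    return {"envelope": env, "from": hdr, "findings": findings}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Return-path and From legitimately differ for mailing lists and forwarded mail, so the check fires only when the From claims a local domain; it does not require the two to match in general.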
