On Wed, 2004-11-03 at 19:25, Richard E Miles wrote:
> The following is a mail header from from a miss addressed mail I received. The
> To: is "kent sykes <ibalycejaynew@xxxxxxxxx>. This is not for me. I am at
> r.godzilla@xxxxxxxxxxxx Why am I receving this mail?
> I would like to stop such mails. Is there anyway to do this? I would
> appreciate any help you can give me to prevent such mails?
>
> Return-Path: draice@xxxxxxxxx
> Return-Path: <draice@xxxxxxxxx>
> Received: from localhost (localhost.localdomain [127.0.0.1])
> by localhost.localdomain (8.12.11/8.12.11) with ESMTP id iA3MQ439007547
> for <rmiles@localhost>; Wed, 3 Nov 2004 14:26:04 -0800
^^^^^^^^^^^^^^^^^^^^^^^^
> Received: from mail.comcast.net [63.240.76.10]
> by localhost with POP3 (fetchmail-6.2.5)
> for rmiles@localhost (single-drop); Wed, 03 Nov 2004 14:26:04 -0800 (PST)
> Received: from pammy.com (unknown[220.184.64.123](misconfigured sender))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> by rwcrmxc12.comcast.net (rwcrmxc12) with SMTP
> id <20041103222331r12004gmlue>; Wed, 3 Nov 2004 22:24:26 +0000
> X-Originating-IP: [220.184.64.123]
> Message-ID: <1EFF52BD.87F2FE2@xxxxxxxxx>
> Date: Wed, 03 Nov 2004 20:45:48 -0400
> From: "Stacey Warrender" <draice@xxxxxxxxx>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> User-Agent: QUALCOMM Windows Eudora Version 5.1
> MIME-Version: 1.0
> To: "kent sykes" <ibalycejaynem@xxxxxxxxx>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Subject: present the personalised solution quicksilver
> Content-Type: text/plain;
> charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> X-Virus-Status: No
> X-Virus-Checker-Version: ClamAssassin 1.1.0 with clamscan / ClamAV version 0.71
> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
> localhost.localdomain
> X-Spam-Level:
> X-Spam-Status: No, hits=0.1 required=5.0 tests=BAYES_44,RCVD_IN_SORBS
> autolearn=no version=2.63
What you are receiving is spam with forged headers as others have
indicated. It looks like you have spamassassin setup. So the best
option is for you to feed this to spamassassin as spam. After you feed
spamassassin enough of these it should bump up the bayes score to the
point that it will be marked as spam and the message will get shuffled
off to the spam folder.
I have marked some of the lines in the header you sent which indicate to
me that this is spam. It appears to have been sent from a system (most
likely a zombie) that is spewing spam. (220.184.64.123)
If you have control of the MTA this was sent to you might try installing
milter-greylist or a greylisting package for whatever MTA you are
using. Greylisting will block almost 100% of spam sent from zombie type
systems since they typically do not queue messages for resending. I
personally have installed greylisting on a server which was receiving
between 300 to 600 spam messages a day and after installing greylisting
the machine processed no more than 3 to 10 spam messages a day.
Also, since there were very few users on that server I implemented some
rules in the access database for sendmail which rejected all messages
sent to users that did not exist on the server. A lot of the spam had
valid domain for the site but invalid users.
If you are using fetchmail or some other method to get email from an
ISPs mail server then greylisting and changes to sendmail will not work
for you.
--
Scot L. Harris
webid@xxxxxxxxxx
The only difference between a rut and a grave is their dimensions.
