Re: MS mail bombs

Michael C. wrote:

In linux.debian.user, Ron Johnson <ron.l.johnson@cox.net> wrote:
On Sat, 2003-09-20 at 00:22, Steve Lamb wrote:
On Fri, 19 Sep 2003 23:08:42 -0600
"Walt L. Williams" <wwilliams@intergate.com> wrote:
Is there anyone else out there being mail bombed with emails
that look like they're from M$? The rate at which they're coming is increasing exponentially.
   My solution has been exim4, exiscan-acl, clamav, spamassassin and liberal
use of shorewall's blacklist.

Does that prevent the emails from being downloaded from the ISP's
pop3 server in the 1st place?

I asked this on alt.os.linux.  I was told to search freshmeat.net for a
Perl script called "poppy."  It will get headers only, and ask what you
want to do with the mail one by one, but it also includes a script
called spamkill, which does okay.

I'm debugging some changes I made now.  I tweaked it so if my email
isn't in the To:, Cc:, or Bcc: header it should be considered spam.

Right now To:, and Cc: both work.

I am almost 100% positive that your mail server won't have a Bcc: header for incoming mail.

I imagine you have some whitelist rule for exceptions like the debian-user list which should have its address in the To: line instead of your address. Sometimes debian-user goes on the Cc: line, which you must be watching for as well.

Happy mail filtering,
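
The header check discussed in this thread, written out as an added example (not part of any poster's message, and not poppy's or spamkill's own code). It classifies a message from its headers alone using To: and Cc:, with a whitelist for list addresses; the addresses and sample headers are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumptions for illustration: the user's own addresses and a list whitelist.
MY_ADDRESSES = {"me@example.org"}
LIST_WHITELIST = {"debian-user@lists.example.org"}


def recipients(msg):
    """Collect every address from all To: and Cc: headers, lower-cased."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def classify(raw_headers):
    """Return 'keep', 'keep-list' or 'spam' from the headers alone.

    Bcc: is deliberately not consulted: the sending side strips it, so a
    delivered message does not carry it and a rule on it never matches.
    """
    rcpts = recipients(message_from_string(raw_headers))
    if rcpts & MY_ADDRESSES:
        return "keep"
    if rcpts & LIST_WHITELIST:
        return "keep-list"
    return "spam"


# Constructed sample headers (header-only fetch, no bodies).
DIRECT = "From: Friend <friend@example.net>\nTo: Me <Me@Example.org>\nSubject: lunch\n\n"
VIA_LIST_CC = ("From: Poster <poster@example.net>\n"
               "To: Someone <someone@example.net>\n"
               "Cc: debian-user@lists.example.org\nSubject: Re: exim4\n\n")
FORGED = ("From: MS Support <support@example.com>\n"
          "To: Customer <customer@example.com>\nSubject: Security update\n\n")
# A legitimately Bcc'd message looks like this on arrival: no Bcc: header,
# so the rule cannot tell it apart from bulk mail and flags it.
BCC_ONLY = ("From: Friend <friend@example.net>\n"
            "To: undisclosed-recipients:;\nSubject: party\n\n")

if __name__ == "__main__":
    for name, raw in [("direct", DIRECT), ("list cc", VIA_LIST_CC),
                      ("forged", FORGED), ("bcc only", BCC_ONLY)]:
        print(f"{name:8s} -> {classify(raw)}")
```

The last sample shows the cost of the rule: mail that was genuinely Bcc'd to the user is flagged, so flagged messages are better quarantined for review than deleted on the server.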

