On Wednesday, Apr 16, 2003, at 23:21 Canada/Mountain, Professional
Software Engineering wrote:
> At 18:39 2003-04-16 -0600, LuKreme wrote:
>> Now, syth.serveftp.net is one of my dyndns domains and I know that
>> there is no valid user on my machine named "Bill."
>
> The mail no doubt is being injected directly at your server - if you
> check the Received headers, the first one (and, if you're reading mail
> ON that host, the ONLY one) will be when the message was passed from
> some host to yours.

From vmjc4mdu(_at_)sina(_dot_)com Wed Apr 16 02:08:32 2003
Received: from localhost [127.0.0.1] by syth.serveftp.net
with SpamAssassin (2.50 1.173-2003-02-20-exp);
Wed, 16 Apr 2003 02:08:42 +391938
From: Bill(_at_)syth(_dot_)serveftp(_dot_)net,
McLion(_at_)southgaylord(_dot_)com
To: kreme(_at_)cerebus(_dot_)kreme(_dot_)com
Subject: (Spam? 14.00) 1 million recipients spam free for only $129
Date: Wed, 16 Apr 03 15:50:39
\xd6\xd0\xb9\xfa\xb1\xea\xd7\xbc\xca\xb1\xbc\xe4
Message-Id:
<20030416080831(_dot_)D8B6221FEDE(_at_)syth(_dot_)serveftp(_dot_)net>
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=14.0 required=5.0
tests=BAYES_90,BULK_EMAIL,CLICK_BELOW,DATE_IN_FUTURE_06_12,
EXCUSE_1,EXCUSE_19,HEADER_8BITS,HTML_80_90,
HTML_LINK_CLICK_HERE,INVALID_DATE,LIMITED_TIME_ONLY,
REPLY_TO_EMPTY,SUBJ_FOR_ONLY,UNSUB_PAGE
version=2.50
X-Spam-Level: **************
X-Spam-Checker-Version: SpamAssassin 2.50 1.173-2003-02-20-exp
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_3E9D0F8A.066BE8EE"
Status: RO
X-Status:
X-Keywords: Junk
X-UID: 838
What I find odd is that there is almost no info in the received header.
Shouldn't postfix be keeping track of the IP address that connected?
Anyway, that's not really the point. The question is, can I look at
the "From: Bill(_at_)syth(_dot_)serveftp(_dot_)net" and have procmail somehow test if
that username is valid:
:0
* ^From:(.*\<)\/.*@syth.serveftp.net
{
  LOCALUSER=$MATCH
  [ Some magic to check if localuser is valid]
  :0
  * [localuser is not valid]
  do stuff here...
}
I suppose I could check if the From: matched the From_ though, that
might work.

>> Does it matter if I'm checking only LOCAL users or could I also check
>> my actual remote mailserver?
>
> Uh, please explain. Sounds like your email may arrive on a host and
> you're fetchmailing it? Where is procmail running? Where are the
> SMTP connections coming in?

Mailserver is southgaylord.com/kreme.com and I get mail down via
fetchmail. The syth.serveftp.net is my home machine using dyndns and
has accounts for me, my family, and some friends. I do get SOME mail
directly to the dyndns domain, but very very little.
--
I wrote this song two hours before we met. I didn't know your name, or
what you looked like yet....
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
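
An added example, not part of the original post: one way to do the check asked about above, pulling the local part of each From: address in the home domain (folded header lines and multiple addresses included) and testing it against the account list. The function names, the script path in the comment and the optional passwd-format file argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the script path and
# the optional passwd-file argument are assumptions made for illustration.
# Possible procmail use; exit status 0 means "From: names a local address
# with no matching account":
#   :0
#   * ? /usr/local/bin/forged-from.sh syth.serveftp.net
#   forged-local

# Print the local part of each From: address in domain $1 (message on stdin).
# Addresses are lowercased first (assumes case-insensitive local delivery).
local_parts() {
    awk -v dom="$1" '
        /^$/ { exit }                                   # end of headers
        tolower($0) ~ /^from:/ { hdr = substr($0, 6); infrom = 1; next }
        infrom && /^[ \t]/ { hdr = hdr " " $0; next }   # folded continuation
        { infrom = 0 }
        END {
            n = split(tolower(hdr), tok, /[,<>"() \t]+/)
            for (i = 1; i <= n; i++)
                if (split(tok[i], p, "@") == 2 && p[1] != "" && p[2] == tolower(dom))
                    print p[1]
        }'
}

# True if $1 is an account in passwd-format file $2, or via getent if no $2.
is_local_user() {
    if [ -n "$2" ]; then
        awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
    else
        getent passwd "$1" >/dev/null 2>&1
    fi
}

# Print each claimed local sender that is not an account; exit 0 if any.
forged_local_from() {
    bad=$(local_parts "$1" | while IFS= read -r u; do
              is_local_user "$u" "$2" </dev/null || printf '%s\n' "$u"
          done)
    [ -n "$bad" ] && printf '%s\n' "$bad"
}

# Run as a script: forged-from.sh DOMAIN [PASSWD_FILE] < message
if [ "$#" -gt 0 ]; then forged_local_from "$@"; fi
```

This catches only a From: that names a nonexistent account in the local domain; a forged From: naming a real account passes, so it works as one signal alongside the SpamAssassin score rather than as a sender check on its own.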