Google Kreme schreef:
On 28-Nov-2006, at 09:05, Michael J Wise wrote:
Here's a hint: Get a bunch of this stuff, and look at all the headers.
One thing "sicks" out.
Another is very subtle at first, and may take you ... "eight" times to
see, but once spotted, hard to miss.
Both are 0%FP SpamSign.
And Both are in the same header...
And it's not the one you're checking for.
Are you trying to be clever or something? If you have something to
say, say it.
I believe he means:
A forged Received: header with the domainname of the recipient
after "by" where the hostname is expected (if the two are different
in your setup).
Also the "id" part is garbage (but more difficult to check using
procmail -- maybe test for non-alphanumeric in the idstring?).
Example:
Received: from 64.246.58.104 (HELO mail.broida.com)
by xplanation.com with esmtp ((4)Q9E',O5 39-C2)
id I7;1BO-,K>)Q<-YT
for postmaster(_at_)xplanation(_dot_)com; Wed, 22 Nov 2006 19:11:27 +0000
while mail received by my mail host should have been
"... by hostname.xplanation.com".
--
Paul Bijnens, Xplanation Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM Fax +32 16 397.512
http://www.xplanation.com/ email:
Paul(_dot_)Bijnens(_at_)xplanation(_dot_)com
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***********************************************************************
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail