On 07/25/2011 11:19 AM, Vaccus Spurcamen wrote:
On Mon, 2011-07-25 at 11:14 +0200, J4K wrote:
Morning everyone,
Whilst trying to debug a spammer, or potential misconfiguration in
my SA/postfix set-up, I noticed this in the spam header:
*Received: from 95.132.70.144(helo=xxx.co.uk) by xxx.co.uk with esmtpa
(Exim 4.69) (envelope-from ) id 1MMY4Z-6815vh-KW for <address@hidden>;
Mon, 25 Jul 2011 08:05:42 +020*
The ESMTPA noted in the header struck me as strange. 1) Does this mean
that the spammer authenticated with an smtp-auth username and password?
Suggests an authenticated user - nothing unusual in that, spammers
hijack accounts all the time (assuming the header is, of course,
genuine)
Agreed. I don't know if the header is genuine.
The milter, with its current calling parameters, should not give it
a free ride. (I do not know whether it is or not). The -I is not
configured, so it shouldn't...
2) Is there an SA rule that would subtract points if this is seen in a
header (I didn't think so)?
You could always write one.
Agreed, but there is no reason at the moment to re-invent the wheel,
if it's already been written.
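
Added example, not part of the original thread: a Python check that reads the "with" protocol keyword from a Received header (RFC 3848 registers ESMTPA as ESMTP with a successful AUTH) and only believes the claim when the header was stamped by a host you control, since the thread notes the header may not be genuine. The function names, verdict strings and trusted-host set are assumptions made for illustration.

```python
import re

# "with" keywords registered by RFC 3848; a trailing "A" means SMTP AUTH succeeded.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9-]+)", re.IGNORECASE)

# Header value as quoted in the thread (truncated date left as posted).
THREAD_HEADER = (
    "from 95.132.70.144(helo=xxx.co.uk) by xxx.co.uk with esmtpa "
    "(Exim 4.69) (envelope-from ) id 1MMY4Z-6815vh-KW for <address@hidden>; "
    "Mon, 25 Jul 2011 08:05:42 +020"
)
# Constructed sample: TLS was used but no AUTH took place.
CONSTRUCTED_HEADER = (
    "from mail.example.net (mail.example.net [192.0.2.10]) "
    "by mx.example.org (Postfix) with ESMTPS id 4F2A91C0; "
    "Mon, 25 Jul 2011 09:00:00 +0200"
)

def strip_comments(value):
    """Drop parenthesised comments (nested too) so 'by'/'with' inside them are ignored."""
    prev = None
    while prev != value:
        prev = value
        value = re.sub(r"\([^()]*\)", " ", value)
    return value

def classify_received(value, trusted_hosts):
    """Return (by_host, protocol, verdict) for one Received header value."""
    flat = strip_comments(" ".join(value.split()))  # unfold, then remove comments
    by = BY_RE.search(flat)
    proto = WITH_RE.search(flat)
    by_host = by.group(1).lower() if by else None
    protocol = proto.group(1).upper() if proto else None
    if protocol not in AUTH_PROTOCOLS:
        verdict = "not-authenticated"
    elif by_host in trusted_hosts:
        verdict = "authenticated"          # stamped by our own MTA
    else:
        verdict = "unverified-auth-claim"  # anyone can write this line
    return by_host, protocol, verdict

if __name__ == "__main__":
    trusted = {"xxx.co.uk"}  # assumption: hosts whose Received lines you trust
    for header in (THREAD_HEADER, CONSTRUCTED_HEADER):
        print(classify_received(header, trusted))
```
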