[sanesecurity] Re: Need help with external Spammer
- From: Brian Evans <grknight@xxxxxxxxxxxxxx>
- To: sanesecurity@xxxxxxxxxxxxx
- Date: Thu, 17 Mar 2011 09:24:33 -0400
On 3/17/2011 8:52 AM, Steffen Ille wrote:
> Hi Steve.
> They've changed something, the Signature doesn't catch it anymore.
> 230 Mails in 2 Minutes :-(
>
> Attached you'll find such a Mail as example.
>
> Cheers, Steffen
> X-Spam-Status: Yes, score=13.097 required=5 tests=[BAYES_99=3.5,
> RATWARE_MS_HASH=2.148, RATWARE_OUTLOOK_NONAME=2.95,
> RCVD_IN_DNSWL_NONE=-0.0001, URIBL_AB_SURBL=4.499] autolearn=no
Personally, I'd quarantine or drop a message with such a high spam score.
> Return-Path: <yqnky@xxxxxx>
In addition, if they are all coming from this edz.de, I would blacklist
that sender domain in your Postfix config.
It seems as if edz.de is a bogus/holding domain and not a real
provider/person.
Brian
Other related posts:
