Hullo,
I'm finding mail headers a tad confusing.
If the header of a mail is as below, what is the actual address that needs to be entered in a blacklist file in SpamAssassin? Or for the local user to enter into an evolution blacklist file on their local machine?
info@courier.org smtpgw.nic.in ciyang22@yahoo.co.uk vastu3.nic.in wb.nic.in
?
Many thanks,
Jenny
Return-Path: info@courier.org Envelope-To: user@dream.mydomain.co.uk Delivery-Date: Sat, 17 Oct 2009 19:01:09 +0100 Received: from stoneboat.mydomain.co.uk ([80.68.88.63]) by dream.mydomain.co.uk with esmtp (Exim 4.69) (envelope-from info@courier.org) id 1MzDaM-0005TE-SQ; Sat, 17 Oct 2009 19:01:03 +0100 Received: from smtpgw.nic.in ([164.100.17.13] helo=vastu3.nic.in) by stoneboat.mydomain.co.uk with esmtp (Exim 4.69) (envelope-from info@courier.org) id 1MzDZG-0007Kq-6R; Sat, 17 Oct 2009 18:59:55 +0100 Received: from vastu3.nic.in (localhost.localdomain [127.0.0.1]) by vastu3.nic.in (8.12.10/8.12.10) with ESMTP id n9HGohnY005375; Sat, 17 Oct 2009 22:20:50 +0530 Received: from wb.nic.in (wb.nic.in [164.100.199.2])by vastu3.nic.in (8.12.10/8.12.10) with ESMTP id n9HGnfAp005107;Sat, 17 Oct 2009 22:19:42 +0530 Received: from wb.nic.in (localhost.localdomain [127.0.0.1])by wb.nic.in (8.13.5/8.13.5) with ESMTP id n9HIAXt6014677;Sat, 17 Oct 2009 23:40:33 +0530 Received: (from apache@localhost)by wb.nic.in (8.13.5/8.13.5/Submit) id n9HI9PTm014656;Sat, 17 Oct 2009 23:39:25 +0530 X-authentication-warning: wb.nic.in: apache set sender to info@courier.org using -f Received: from 118.98.215.130 (proxying for 62.56.132.24) (SquirrelMail authenticated user pao-coochbehar) by wb.nic.in with HTTP; Sat, 17 Oct 2009 23:39:25 +0530 (IST) Message-id: 44260.118.98.215.130.1255802965.squirrel@wb.nic.in Date: Sat, 17 Oct 2009 23:39:25 +0530 (IST) (19:09 BST) From: Mr. Tomo Sand Nori info@courier.org Reply-to: ciyang22@yahoo.co.uk
Jenny,
Unfortunately all the headers can be faked apart from the last one where it is "Received:" by your server. If the spammer is using "info@courier.org" for all their spam to you then feel free to block that.
Good luck, Tim.
2009/10/21 Jenny Hopkins hopkins.jenny@gmail.com:
Hullo,
I'm finding mail headers a tad confusing.
If the header of a mail is as below, what is the actual address that needs to be entered in a blacklist file in SpamAssassin? Or for the local user to enter into an evolution blacklist file on their local machine?
info@courier.org smtpgw.nic.in ciyang22@yahoo.co.uk vastu3.nic.in wb.nic.in
?
Many thanks,
Jenny
Return-Path: info@courier.org Envelope-To: user@dream.mydomain.co.uk Delivery-Date: Sat, 17 Oct 2009 19:01:09 +0100 Received: from stoneboat.mydomain.co.uk ([80.68.88.63]) by dream.mydomain.co.uk with esmtp (Exim 4.69) (envelope-from info@courier.org) id 1MzDaM-0005TE-SQ; Sat, 17 Oct 2009 19:01:03 +0100 Received: from smtpgw.nic.in ([164.100.17.13] helo=vastu3.nic.in) by stoneboat.mydomain.co.uk with esmtp (Exim 4.69) (envelope-from info@courier.org) id 1MzDZG-0007Kq-6R; Sat, 17 Oct 2009 18:59:55 +0100 Received: from vastu3.nic.in (localhost.localdomain [127.0.0.1]) by vastu3.nic.in (8.12.10/8.12.10) with ESMTP id n9HGohnY005375; Sat, 17 Oct 2009 22:20:50 +0530 Received: from wb.nic.in (wb.nic.in [164.100.199.2])by vastu3.nic.in (8.12.10/8.12.10) with ESMTP id n9HGnfAp005107;Sat, 17 Oct 2009 22:19:42 +0530 Received: from wb.nic.in (localhost.localdomain [127.0.0.1])by wb.nic.in (8.13.5/8.13.5) with ESMTP id n9HIAXt6014677;Sat, 17 Oct 2009 23:40:33 +0530 Received: (from apache@localhost)by wb.nic.in (8.13.5/8.13.5/Submit) id n9HI9PTm014656;Sat, 17 Oct 2009 23:39:25 +0530 X-authentication-warning: wb.nic.in: apache set sender to info@courier.org using -f Received: from 118.98.215.130 (proxying for 62.56.132.24) (SquirrelMail authenticated user pao-coochbehar) by wb.nic.in with HTTP; Sat, 17 Oct 2009 23:39:25 +0530 (IST) Message-id: 44260.118.98.215.130.1255802965.squirrel@wb.nic.in Date: Sat, 17 Oct 2009 23:39:25 +0530 (IST) (19:09 BST) From: Mr. Tomo Sand Nori info@courier.org Reply-to: ciyang22@yahoo.co.uk
main@lists.alug.org.uk http://www.alug.org.uk/ http://lists.alug.org.uk/mailman/listinfo/main Unsubscribe? See message headers or the web site above!
2009/10/21 Tim Green timothy.j.green@gmail.com:
Jenny,
Unfortunately all the headers can be faked apart from the last one where it is "Received:" by your server. If the spammer is using "info@courier.org" for all their spam to you then feel free to block that.
Good luck, Tim.
Tim,
Thanks for the help.
Jen
-
Jenny Hopkins -
Tim Green