blacklisting in Spamassassin
Hullo, I'm finding mail headers a tad confusing. If the header of a mail is as below, what is the actual address that needs to be entered in a blacklist file in SpamAssassin? Or for the local user to enter into an evolution blacklist file on their local machine? info@courier.org smtpgw.nic.in ciyang22@yahoo.co.uk vastu3.nic.in wb.nic.in ? Many thanks, Jenny Return-Path: <info@courier.org> Envelope-To: user@dream.mydomain.co.uk Delivery-Date: Sat, 17 Oct 2009 19:01:09 +0100 Received: from stoneboat.mydomain.co.uk ([80.68.88.63]) by dream.mydomain.co.uk with esmtp (Exim 4.69) (envelope-from <info@courier.org>) id 1MzDaM-0005TE-SQ; Sat, 17 Oct 2009 19:01:03 +0100 Received: from smtpgw.nic.in ([164.100.17.13] helo=vastu3.nic.in) by stoneboat.mydomain.co.uk with esmtp (Exim 4.69) (envelope-from <info@courier.org>) id 1MzDZG-0007Kq-6R; Sat, 17 Oct 2009 18:59:55 +0100 Received: from vastu3.nic.in (localhost.localdomain [127.0.0.1]) by vastu3.nic.in (8.12.10/8.12.10) with ESMTP id n9HGohnY005375; Sat, 17 Oct 2009 22:20:50 +0530 Received: from wb.nic.in (wb.nic.in [164.100.199.2])by vastu3.nic.in (8.12.10/8.12.10) with ESMTP id n9HGnfAp005107;Sat, 17 Oct 2009 22:19:42 +0530 Received: from wb.nic.in (localhost.localdomain [127.0.0.1])by wb.nic.in (8.13.5/8.13.5) with ESMTP id n9HIAXt6014677;Sat, 17 Oct 2009 23:40:33 +0530 Received: (from apache@localhost)by wb.nic.in (8.13.5/8.13.5/Submit) id n9HI9PTm014656;Sat, 17 Oct 2009 23:39:25 +0530 X-authentication-warning: wb.nic.in: apache set sender to info@courier.org using -f Received: from 118.98.215.130 (proxying for 62.56.132.24) (SquirrelMail authenticated user pao-coochbehar) by wb.nic.in with HTTP; Sat, 17 Oct 2009 23:39:25 +0530 (IST) Message-id: <44260.118.98.215.130.1255802965.squirrel@wb.nic.in> Date: Sat, 17 Oct 2009 23:39:25 +0530 (IST) (19:09 BST) From: Mr. Tomo Sand Nori <info@courier.org> Reply-to: ciyang22@yahoo.co.uk
Jenny, Unfortunately all the headers can be faked apart from the last one where it is "Received:" by your server. If the spammer is using "info@courier.org" for all their spam to you then feel free to block that. Good luck, Tim. 2009/10/21 Jenny Hopkins <hopkins.jenny@gmail.com>:
Hullo,
I'm finding mail headers a tad confusing.
If the header of a mail is as below, what is the actual address that needs to be entered in a blacklist file in SpamAssassin? Or for the local user to enter into an evolution blacklist file on their local machine?
info@courier.org smtpgw.nic.in ciyang22@yahoo.co.uk vastu3.nic.in wb.nic.in
?
Many thanks,
Jenny
Return-Path: <info@courier.org> Envelope-To: user@dream.mydomain.co.uk Delivery-Date: Sat, 17 Oct 2009 19:01:09 +0100 Received: from stoneboat.mydomain.co.uk ([80.68.88.63]) by dream.mydomain.co.uk with esmtp (Exim 4.69) (envelope-from <info@courier.org>) id 1MzDaM-0005TE-SQ; Sat, 17 Oct 2009 19:01:03 +0100 Received: from smtpgw.nic.in ([164.100.17.13] helo=vastu3.nic.in) by stoneboat.mydomain.co.uk with esmtp (Exim 4.69) (envelope-from <info@courier.org>) id 1MzDZG-0007Kq-6R; Sat, 17 Oct 2009 18:59:55 +0100 Received: from vastu3.nic.in (localhost.localdomain [127.0.0.1]) by vastu3.nic.in (8.12.10/8.12.10) with ESMTP id n9HGohnY005375; Sat, 17 Oct 2009 22:20:50 +0530 Received: from wb.nic.in (wb.nic.in [164.100.199.2])by vastu3.nic.in (8.12.10/8.12.10) with ESMTP id n9HGnfAp005107;Sat, 17 Oct 2009 22:19:42 +0530 Received: from wb.nic.in (localhost.localdomain [127.0.0.1])by wb.nic.in (8.13.5/8.13.5) with ESMTP id n9HIAXt6014677;Sat, 17 Oct 2009 23:40:33 +0530 Received: (from apache@localhost)by wb.nic.in (8.13.5/8.13.5/Submit) id n9HI9PTm014656;Sat, 17 Oct 2009 23:39:25 +0530 X-authentication-warning: wb.nic.in: apache set sender to info@courier.org using -f Received: from 118.98.215.130 (proxying for 62.56.132.24) (SquirrelMail authenticated user pao-coochbehar) by wb.nic.in with HTTP; Sat, 17 Oct 2009 23:39:25 +0530 (IST) Message-id: <44260.118.98.215.130.1255802965.squirrel@wb.nic.in> Date: Sat, 17 Oct 2009 23:39:25 +0530 (IST) (19:09 BST) From: Mr. Tomo Sand Nori <info@courier.org> Reply-to: ciyang22@yahoo.co.uk
_______________________________________________ main@lists.alug.org.uk http://www.alug.org.uk/ http://lists.alug.org.uk/mailman/listinfo/main Unsubscribe? See message headers or the web site above!
2009/10/21 Tim Green <timothy.j.green@gmail.com>:
Jenny,
Unfortunately all the headers can be faked apart from the last one where it is "Received:" by your server. If the spammer is using "info@courier.org" for all their spam to you then feel free to block that.
Good luck, Tim.
Tim, Thanks for the help. Jen
participants (2)
-
Jenny Hopkins -
Tim Green