Hello Greg,
Thanks for the feedback. Of about 10 emails 3 emails get rejected. I think it's very high considering the volume we are getting. We have an older version of postfix 2.013.
We plan on upgrading in the near future. I believe there is something right now we don't have in postfix that can capture these emails.
Here is one spam that we got:
-----Original Message-----
Date: 10/26/2006 09:46 pm -0400 (Thursday)
From: "Jenny" <yqc6afa@supernet.com.bo>
To: "Administrators" <thomaslo@si.edu>
Subject: Plz. get back
Hey,
Refill is ready.
Plz. reconfirm City .
http://cf.geocities.com/Medina8_m120/
Regards,
Jenny
The mime log looks like this:
Return-path: <yqc6afa@supernet.com.bo>
Received: from si-av04.si.edu [160.111.252.25]
    by simail1.si.edu; Thu, 26 Oct 2006 21:49:49 -0400
Received: from localhost (localhost [127.0.0.1])
    by si-av04.si.edu (SI-Mailer) with ESMTP id 172BB2794
    for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:49:49 -0400 (EDT)
Received: from si-av04.si.edu ([127.0.0.1])
    by localhost (si-av04 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
    id 15352-01 for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:49:47 -0400 (EDT)
Received: from si-ems01.si.edu (si-ems01.si.edu [160.111.252.31])
    by si-av04.si.edu (SI-Mailer) with ESMTP id A0873278E
    for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:49:47 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
    by si-ems01.si.edu (SI-Mailer) with ESMTP id 39F931C4E
    for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:49:46 -0400 (EDT)
Received: from si-ems01.si.edu ([127.0.0.1])
    by localhost (si-ems01 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
    id 26254-04 for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:49:46 -0400 (EDT)
Received: from mail2.supernet.com.bo (mail2.supernet.com.bo [200.58.72.21])
    by si-ems01.si.edu (SI-Mailer) with ESMTP id C3F8B1C11
    for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:49:42 -0400 (EDT)
Received: from supernet.com.bo (host-200-58-90-65.supernet.com.bo [200.58.90.65])
    by mail2.supernet.com.bo (8.13.1/8.13.1) with ESMTP id k9QHrSFn028309
    for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:54:17 +0400 (GMT)
Received: from unknown (HELO mail.gimmicc.net) (Thu, 26 Oct 2006 17:35:40 -0900)
    by relay.2yahoo.com with ESMTP; Thu, 26 Oct 2006 17:35:40 -0900
Received: from unknown (27.52.184.67)
    by group21.345mail.com with SMTP; Thu, 26 Oct 2006 17:16:52 -0900
Received: from mtu67.syds.piswix.net [56.207.144.130] by
    rsmail.alkoholic.net with LOCAL; Thu, 26 Oct 2006 17:10:34 -0900
Received: from smtp18.yenddx.com ([146.84.10.118]) by
    m1.gns.snv.thisdomainl.com with SMTP; Thu, 26 Oct 2006 16:51:40 -0900
Message-ID: <B920605A.F1E29D7@supernet.com.bo>
Date: Thu, 26 Oct 2006 16:46:48 -0900
From: "Jenny" <yqc6afa@supernet.com.bo>
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Administrators" <thomaslo@si.edu>
Subject: Plz. get back
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: SI-EMS border system (SI+SA)
> rogv24@yahoo.com wrote:
> > I have a unix/postfix environment and I am getting a bunch of emails
> > that are not on my rbl's,
> > I have spamhaus, spamcop, dynablock, dsbl, ordbl.
> > They pass domain, FQDN, host, MX, envelope checking checks.
> > They also pass spam assassin checks.
> >
> > Hell, then how can I get rid of them?
> > Thanks
>
>
> It's been my experience that probably the last 5-8 percent of
> the spam that gets through after all other automated means
> are deployed, are the hardest to get rid of.
>
> These spams usually have to be analyzed, and dealt with by
> manual blocking tables, of which, there are many choices.
>
> Depending on what sort of user base you have on your system,
> you might even be able to block entire countries, or ISP subnets.
>
> Just out of curiosity, have you analyzed your logfiles to see
> what percentage of the total spams are being blocked, versus the
> percentage of spams getting through?
>
> --
> Greg
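
An added example, not part of the thread or any poster's code: when analyzing a spam like the one above by hand, the only Received lines that can be trusted are those stamped by your own servers, so this Python sketch walks the chain newest-first and finds the hop where a local server accepted the message from outside. The `.si.edu` suffix and `160.111.` prefix are assumptions read off the sample headers, and the sample is a constructed, shortened copy of the quoted chain.

```python
import re
from email import message_from_string

# Constructed sample: shortened copy of the chain above, folded lines re-indented.
SAMPLE = """\
Received: from si-av04.si.edu [160.111.252.25]
 by simail1.si.edu; Thu, 26 Oct 2006 21:49:49 -0400
Received: from localhost (localhost [127.0.0.1])
 by si-av04.si.edu (SI-Mailer) with ESMTP id 172BB2794
 for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:49:49 -0400 (EDT)
Received: from mail2.supernet.com.bo (mail2.supernet.com.bo [200.58.72.21])
 by si-ems01.si.edu (SI-Mailer) with ESMTP id C3F8B1C11
 for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:49:42 -0400 (EDT)
Received: from supernet.com.bo (host-200-58-90-65.supernet.com.bo [200.58.90.65])
 by mail2.supernet.com.bo (8.13.1/8.13.1) with ESMTP id k9QHrSFn028309
 for <thomaslo@si.edu>; Thu, 26 Oct 2006 21:54:17 +0400 (GMT)
Received: from unknown (27.52.184.67)
 by group21.345mail.com with SMTP; Thu, 26 Oct 2006 17:16:52 -0900
Subject: Plz. get back

Refill is ready.
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+([^\s;]+)", re.S)
IP = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def parse_hops(raw):
    """Return (from_host, by_host, from_ip) per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            ip = IP.search(value[:m.start(2)])  # look in the "from" clause only
            hops.append((m.group(1), m.group(2), ip.group(1) if ip else None))
    return hops

def find_handoff(hops, our_suffix=".si.edu", our_net="160.111."):
    """Index of the hop where one of our servers accepted mail from outside."""
    # Assumed values; hops after this index were written by others and may be forged.
    for i, (_, by_host, ip) in enumerate(hops):
        if not (by_host == "localhost" or by_host.endswith(our_suffix)):
            return None  # chain leaves our servers without a recorded handoff
        if ip and not ip.startswith((our_net, "127.")):
            return i
    return None

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    print("handoff hop:", hops[find_handoff(hops)])
```

The address in the handoff hop is the one the border server actually saw, and is the value to weigh when building a manual blocking table; everything older in the chain is only what the sender claimed.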