This is a discussion on RE: [AMaViS-user] RATWARE_ZERO_TZ within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category.
> -----Original Message-----
> From: amavis-user-admin@lists.sourceforge.net
> [mailto:amavis-user-admin@lists.sourceforge.net] On Behalf Of MJ
> Sent: Tuesday, December 20, 2005 9:51 AM
> To: Michael Scheidell
> Cc: amavis-user@lists.sourceforge.net
> Subject: RE: [AMaViS-user] RATWARE_ZERO_TZ
>
> Thanks Michael, here is another example with full header

These headers violate the RFCs, and do so in such a way as only has been seen by 'ratware' (i.e., software designed, given away, or sold by spammers). I also see no X-Mailer header. Inform your luser friend to spend money and buy a real email list manager.

> Received: from hotmail.com (bay20-f13.bay20.hotmail.com [64.4.54.102])
>     by mailgate2.cyberia.net.sa (Postfix) with ESMTP id
>     A33A71F07EF
>     for <mjunaid@cyberia.net.sa>; Tue, 20 Dec 2005 17:44:05 +0300
>     (GMT)
> Received: from mail pickup service by hotmail.com with
>     Microsoft SMTPSVC;
>     Tue, 20 Dec 2005 06:44:01 -0800
> Message-ID: <BAY20-F137A3A8AAA6E20D49AD880C03E0@phx.gbl>
> Received: from 212.138.113.13 by by20fd.bay20.hotmail.msn.com
>     with HTTP;
>     Tue, 20 Dec 2005 14:44:01 GMT
> X-Originating-IP: [212.138.x.x]
> X-Originating-Email: [xxx@hotmail.com]
> X-Sender: xxx@hotmail.com
> From: "MJ" <xxx@hotmail.com>
> To: mj@xxx.net.sa
> Subject: Cyberia
> Date: Tue, 20 Dec 2005 14:44:01 +0000
> Mime-Version: 1.0
> Content-Type: text/html; format=flowed
> X-OriginalArrivalTime: 20 Dec 2005 14:44:01.0705 (UTC)
>     FILETIME=[D1462190:01C60573]
> X-Spam-Status: Yes, hits=7.111 tag=2 tag2=6.31 kill=6.31
>     tests=[AWL=1.372, BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2,
>     DNS_FROM_RFC_POST=1.708, HTML_50_60=0.134,
>     HTML_MESSAGE=0.001, INVALID_TZ_GMT=0.5,
>     MIME_HTML_ONLY=0.001, MSGID_FROM_MTA_HEADER=0,
>     RATWARE_ZERO_TZ=3.196, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]

Based on what SA found, this user is using spamware to send his emails.