On 31-Jan-2007, Gerloff wrote:
[no message body, but an attached file]
These messages appear to be spam; they're certainly of no apparent value, since they have nothing to say.
This has happened several times recently. The message header fields indicate it's being posted from an fsfeurope.org account. Is this true? If so, can it please be made to stop?
Hi Ben,
* Ben Finney ben@benfinney.id.au [2007-01-31 20:19:34 +1100]:
> On 31-Jan-2007, Gerloff wrote:
> [no message body, but an attached file]
> These messages appear to be spam; they're certainly of no apparent value, since they have nothing to say.
> This has happened several times recently. The message header fields indicate it's being posted from an fsfeurope.org account. Is this true? If so, can it please be made to stop?
I forwarded this to our system hackers.
Best wishes, Matze
On Wednesday, 31.01.2007, at 20:19 +1100, Ben Finney wrote:
> This has happened several times recently. The message header fields indicate it's being posted from an fsfeurope.org account. Is this true? If so, can it please be made to stop?
As far as I can tell, the message header fields indicate the mail has been sent from aso10.internetdsl.tpnet.pl, which is clearly not an address under FSFE's control. The From: header is obviously forged.
So there's not much we can do, unfortunately.
On 31-Jan-2007, Reinhard Mueller wrote:
> As far as I can tell, the message header fields indicate the mail has been sent from aso10.internetdsl.tpnet.pl, which is clearly not an address under FSFE's control.
Right. I missed the original Received field.
Received: from [192.168.0.202] (aso10.internetdsl.tpnet.pl [83.17.226.10]) by gadolin.fsfeurope.org (Postfix) with ESMTP id 6793B444002 for discussion@fsfeurope.org; Wed, 31 Jan 2007 09:26:51 +0100 (CET)
> The From: header is obviously forged.
Yes, I never believe that field on suspected spam :-)
> So there's not much we can do, unfortunately.
I thought for a while that the sender might be spoofing as an FSFE machine, in which case it can be rejected immediately once it gives its HELO; but that's not the case.
Thanks for investigating.
* Ben Finney ben@benfinney.id.au [2007-02-01 09:27:17 +1100]:
> > So there's not much we can do, unfortunately.
> I thought for a while that the sender might be spoofing as an FSFE machine, in which case it can be rejected immediately once it gives its HELO; but that's not the case.
Does anyone know if it makes sense if I add
aso10.internetdsl.tpnet.pl (it was always this) to mailman's privacy options:
Filter rules to match against the headers of a message. (Details for header_filter_rules)
Best wishes, Matze
On 31-Jan-2007, Matthias Kirschner wrote:
> Does anyone know if it makes sense if I add
> aso10.internetdsl.tpnet.pl (it was always this) to mailman's privacy options:
That's a treadmill that only ever gets faster. It would block that one host, but it would mean you need to maintain that field in Mailman from now on.
I think that rejecting messages suspected as spam is better done by the receiving MTA, not later. That way, you've got the calling party on the line (so to speak) and you don't need to make a "generate a new message or drop this one on the floor" decision, you just reject it to the SMTP client.
* Ben Finney ben@benfinney.id.au [2007-02-01 09:52:27 +1100]:
> On 31-Jan-2007, Matthias Kirschner wrote:
> > Does anyone know if it makes sense if I add
> > aso10.internetdsl.tpnet.pl (it was always this) to mailman's privacy options:
> That's a treadmill that only ever gets faster. It would block that one host, but it would mean you need to maintain that field in Mailman from now on.
> I think that rejecting messages suspected as spam is better done by the receiving MTA, not later. That way, you've got the calling party on the line (so to speak) and you don't need to make a "generate a new message or drop this one on the floor" decision, you just reject it to the SMTP client.
Ok, then I will not do this.
Thank you, Matze
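
The header check discussed in this thread, as an added example that is not part of any message above: it reads the Received field written by the list's own MTA, compares the connecting host with the From domain, and tests whether the HELO name claims to be a local machine. The From address in the sample is a constructed placeholder, the names `analyse`, `under` and `local_domain` are hypothetical, and the parser assumes the Postfix layout shown in the quoted field.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the Received field is the one quoted in the thread;
# the From address is a placeholder, since the thread does not show it.
SAMPLE = (
    "Received: from [192.168.0.202] (aso10.internetdsl.tpnet.pl [83.17.226.10])\n"
    "\tby gadolin.fsfeurope.org (Postfix) with ESMTP id 6793B444002\n"
    "\tfor discussion@fsfeurope.org; Wed, 31 Jan 2007 09:26:51 +0100 (CET)\n"
    "From: placeholder@fsfeurope.org\n"
    "To: discussion@fsfeurope.org\n"
    "\n"
)

# Postfix layout: from <HELO name> (<reverse DNS> [<client IP>]) by <our host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def under(host, domain):
    """True if host is the domain itself or a name below it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def analyse(raw, local_domain):
    """Compare what the client claimed with what our own MTA recorded."""
    msg = message_from_string(raw)
    # Only the topmost Received field was written by our MTA; any below it
    # arrived with the message and can be forged like From.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m = RECEIVED_RE.search(top)
    if m is None or not under(m["by"], local_domain):
        return None  # no field we can trust
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Assumption: genuine local hosts have reverse DNS under local_domain.
    client_is_local = under(m["rdns"], local_domain)
    return {
        "client": f'{m["rdns"]} [{m["ip"]}]',
        "helo": m["helo"],
        "helo_spoofs_local": under(m["helo"], local_domain) and not client_is_local,
        "from_forged": under(from_domain, local_domain) and not client_is_local,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE, "fsfeurope.org"))
```

For the quoted field this reports a forged From and no HELO spoofing, matching the conclusions reached in the thread.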