[BlueOnyx:14253] Stopping User at localhost.localdomain Spam
blueonyx at sb9.com
Sun Jan 12 12:51:22 PET 2014
Hi all, hope all is well,
I can't seem to stop some spam. I have the from address (*@icicibank.com)
Blacklisted in the GUI but it always gets through.
Here are the headers:
Return-Path: <customer.care at icicibank.com>
Received: from localhost.localdomain ([22.214.171.124])
    by fs.xxx.com (8.13.8/8.13.8) with ESMTP id s0CFCENu001942
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
    for <x at xxx.com>; Sun, 12 Jan 2014 09:12:16 -0600
Received: from User (localhost.localdomain [127.0.0.1])
    by localhost.localdomain (8.13.8/8.13.8) with SMTP id s07GUSDv031525;
    Tue, 7 Jan 2014 13:30:30 -0300
Message-Id: <201401071630.s07GUSDv031525 at localhost.localdomain>
From: "ICICI Bank"<customer.care at icicibank.com>
Subject: ICICI ALERT: Important Security Message
Jan 12 09:12:15 fs sendmail: STARTTLS=server, relay=[126.96.36.199], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 12 09:12:16 fs milter-greylist: s0CFCENu001942: addr 188.8.131.52 from <customer.care at icicibank.com> rcpt <xt at xxx.com>: autowhitelisted for 72:00:00
Jan 12 09:12:19 fs sendmail: s0CFCENu001942: from=<customer.care at icicibank.com>, size=1195619, class=0, nrcpts=1, msgid=<201401071630.s07GUSDv031525 at localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=[184.108.40.206]
Jan 12 09:12:19 fs sendmail: s0CFCENu001942: to=<x at xxx.com>, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=1226110, dsn=2.0.0, stat=Sent
It looks like the 'Received: from User (localhost.localdomain [127.0.0.1])' might be the reason it bypasses the spam a/v and spamassassin.
Any suggestions would be helpful.
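A header triage check for the pattern in the message above, added here as an example and not part of the original post. It separates the Received hop stamped by the receiving MTA from the hops the sender supplied, and flags a localhost HELO name arriving from a non-loopback address. The host names, addresses and the `triage` helper are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the headers in the post (placeholder hosts and IPs).
SAMPLE = """\
Return-Path: <customer.care@bank.example>
Received: from localhost.localdomain ([192.0.2.10])
    by fs.example.com (8.13.8/8.13.8) with ESMTP id s0CFCENu001942
    for <x@example.com>; Sun, 12 Jan 2014 09:12:16 -0600
Received: from User (localhost.localdomain [127.0.0.1])
    by localhost.localdomain (8.13.8/8.13.8) with SMTP id s07GUSDv031525;
    Tue, 7 Jan 2014 13:30:30 -0300
From: "Bank" <customer.care@bank.example>
Subject: test

body
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}
# sendmail style: "from <helo> (<rdns> [ip]) by <host>" or "from <helo> ([ip]) by <host>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return Received hops, newest first, as dicts with helo, rdns, ip, by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            helo, rdns, ip, by = m.groups()
            hops.append({"helo": helo, "rdns": rdns, "ip": ipaddress.ip_address(ip), "by": by})
    return hops

def triage(raw, our_mta):
    """Flag a local HELO name from a remote IP and list hops our MTA did not write."""
    findings, boundary_seen = [], False
    for hop in parse_hops(raw):
        if not boundary_seen and hop["by"].lower() == our_mta.lower():
            boundary_seen = True
            # Only this hop was written by our own server, so only its IP is reliable.
            if hop["helo"].lower() in LOCAL_NAMES and not hop["ip"].is_loopback:
                findings.append(("local-helo-from-remote-ip", str(hop["ip"])))
        elif boundary_seen:
            # Everything older than our hop came in with the message and can be forged.
            findings.append(("sender-supplied-hop", hop["by"]))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE, "fs.example.com"))
```

A filter that exempts local mail should key on the address in the hop written by its own server, not on a 127.0.0.1 that appears in an older Received line.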