[BlueOnyx:14253] Stopping User at localhost.localdomain Spam

David Hahn blueonyx at sb9.com
Sun Jan 12 12:51:22 PET 2014


I Hi all hope all is well,
I can't seem to stop some spam. I have the from address (*@icicibank.com)
Blacklisted in the GUI but it always gets through.

Here are the headers:

Return-Path: <customer.care at icicibank.com>
Received: from localhost.localdomain ([200.111.101.6])
	by fs.xxx.com (8.13.8/8.13.8) with ESMTP id s0CFCENu001942
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <x at xxx.com>; Sun, 12 Jan 2014 09:12:16 -0600
Received: from User (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.13.8/8.13.8) with SMTP id s07GUSDv031525;
	Tue, 7 Jan 2014 13:30:30 -0300
Message-Id: <201401071630.s07GUSDv031525 at localhost.localdomain>
From: "ICICI Bank"<customer.care at icicibank.com>
Subject: ICICI ALERT: Important Security Message

Logs:
Jan 12 09:12:15 fs sendmail[1942]: STARTTLS=server, relay=[200.111.101.6], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 12 09:12:16 fs milter-greylist: s0CFCENu001942: addr 200.111.101.6 from <customer.care at icicibank.com> rcpt <xt at xxx.com>: autowhitelisted for 72:00:00
Jan 12 09:12:19 fs sendmail[1942]: s0CFCENu001942: from=<customer.care at icicibank.com>, size=1195619, class=0, nrcpts=1, msgid=<201401071630.s07GUSDv031525 at localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=[200.111.101.6]
Jan 12 09:12:19 fs sendmail[1956]: s0CFCENu001942: to=<x at xxx.com>, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=1226110, dsn=2.0.0, stat=Sent

It looks like the 'Received: from User (localhost.localdomain [127.0.0.1])' might be the reason it bypasses the spam a/v and spamassassin.

Any suggestions would be helpful.

-- 
Thank you
David Hahn
----
Hey Super Users! - su
Get E Mail Alerts when sites or services are up or down.
Remotely Monitor Website and/or Service Absolutely Free in seconds.
http://mon.pagekeeperservice.com




More information about the Blueonyx mailing list