spamassassin-users December 2011 archive

Re: Am i sending spam?

From: David B Funk <dbfunk_at_nospam>
Date: Fri Dec 23 2011 - 21:44:27 GMT
To: users@spamassassin.apache.org

On Fri, 23 Dec 2011, David F. Skoll wrote:

> On Fri, 23 Dec 2011 22:10:22 +0100
> "Lars Ebeling" <lars.ebeling@leopg9.no-ip.org> wrote:
>
>> http://pastebin.com/78gUdaCj
>
> You are not sending spam. Someone on the machine
> SR1S4.mesa.gmu.edu [129.174.112.124] connected to your machine and
> said:
>
> HELO leopg9.no-ip.org
>
> In other words, the HELO domain was faked. We automatically block mail
> from anyone who HELOs as our machine (unless it really *is* from our machine,
> of course!)

Not to mention the fact that IP addr is listed in cbl.abuseat.org
as a malware source and that "message.bat" attachment looks -very-
suspicious.

Do you have any kind of AV running in your mail system?
The original of that message gets identified as "Worm.Mydoom.M FOUND"
by ClamAV. We run ClamAV as an input milter filter ahead of SpamAssassin,
no sense wasting time/cycles on known viri. ;)

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
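
Added example, not part of the original messages and not either poster's actual filter: a minimal Python sketch of the HELO check described in the quoted reply, which rejects a client that HELOs as our own host unless the connection really comes from one of our addresses. It goes slightly beyond the thread by also treating an address-literal HELO of one of our IPs as the same forgery. The function names and the `192.0.2.0/28` network are assumptions.

```python
import ipaddress

# Assumed local configuration. The host name is the one from the thread;
# the network ranges are constructed placeholders for "our" machines.
OWN_NAMES = {"leopg9.no-ip.org"}
OWN_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/28")]


def is_own_ip(ip):
    """True if ip (an ipaddress object) falls inside one of our networks."""
    return any(ip in net for net in OWN_NETS)


def helo_verdict(helo, client_ip):
    """Return 'reject' if a foreign client HELOs as us, else 'ok'."""
    if is_own_ip(ipaddress.ip_address(client_ip)):
        return "ok"  # it really is our machine
    name = helo.strip().rstrip(".").lower()
    if name in OWN_NAMES:
        return "reject"  # foreign client claiming our host name
    # Address-literal form, e.g. "[192.0.2.5]" or "[IPv6:2001:db8::1]"
    literal = name.strip("[]")
    if literal.startswith("ipv6:"):
        literal = literal[5:]
    try:
        claimed = ipaddress.ip_address(literal)
    except ValueError:
        return "ok"  # some other host name; leave it to later checks
    return "reject" if is_own_ip(claimed) else "ok"


if __name__ == "__main__":
    # Constructed sessions; the first is the case described in the thread.
    sessions = [
        ("leopg9.no-ip.org", "129.174.112.124"),
        ("leopg9.no-ip.org", "192.0.2.5"),
        ("[192.0.2.5]", "129.174.112.124"),
        ("mail.example.net", "129.174.112.124"),
    ]
    for helo, ip in sessions:
        print(f"{ip:16} HELO {helo:20} -> {helo_verdict(helo, ip)}")
```

An "ok" result only means this one check did not fire; the message still goes on to the virus scanner and SpamAssassin.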