spamassassin-users June 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: NO_RELAYS spam

Re: NO_RELAYS spam

From: Randy Ramsdell <rramsdell_at_nospam>
Date: Thu Jun 17 2010 - 15:53:27 GMT

Michael Scheidell wrote:
> On 6/17/10 11:31 AM, Randy Ramsdell wrote:
>> I just checked our spam reports and this rule never hits. It is not
>> locally generated email either or I can not find any coming from us.
>> This is an strange issue and I am not where to begin to determine
>> what is doing this.
> if you have an insecure web form, contact form, 'email us' form, the
> spammers will use it to send spam.
> MAYBE it is coming from that.
> (and if it is, and spammers are using you, you will get on blacklists
> :-( )
> do you need packet dumps? what about mail logs? does your mail server
> tell you where these emails are coming from?
I understand how letting spammers send mail through our systems could
get us added to lists, but Michael stated "then, check the blacklists to
see how to get removed." as if we are already on a list. We are not.

Back to the main issue.

Here is an example pastbin.

I found this message in the logs and it comes from yahoo. I don't think
I will focus on our forms because general mail also has its received
headers stripped. So the question is is what is doing this? I need help
to determine how to isolate this problem down. If it is postfix, I will
go to there lists etc... I have not implemented any rules that strip
received headers nor do I want to.