[lug] Email question

Daniel Webb lists at danielwebb.us
Sun Aug 22 19:46:58 MDT 2004


I installed Tor Slettnes's greylisting package (greylistd on Debian,
described in his excellent email filtering document
http://slett.net/spam-filtering-for-mx/greylisting.html), and for over a
day I haven't received a single spam (normally I would get 20-30).  I just
got this message, though, and I'm wondering if someone knows what's up.

My guess is that this is a legitimate (if misguided) email, but that a
virus spammer is using my email address as the return address (the HELO
from the included message header at the bottom certainly isn't me).
Nothing was attached to this email to me.

So far greylisting is working great for me.  I only have a 5-minute
greylist timeout, so the effect on normal mail is almost undetectable.  As
Tor points out in his document, even if everyone starts using greylisting
and the spammers start to adapt, by using greylisting combined with SMTP
delays it will drastically decrease the speed of their spamming, at least
assuming most machines on the internet are limited in the number of
connections they can work on simultaneously.  Exim is a beautiful thing.

Daniel

----------------------------
Return-path: <>
Envelope-to: [my email address]
Delivery-date: Sun, 22 Aug 2004 19:14:28 -0600
Received: from llm2.sci-nnov.ru ([195.122.239.87] helo=mail.m2.nnov.ru)
        by [my email server] with smtp (Exim 4.34)
        id 1Bz3Po-0006UO-0x
        for [my email address]; Sun, 22 Aug 2004 19:14:28 -0600
Received: (qmail 8572 invoked from network); 23 Aug 2004 01:14:18 -0000
Date: 23 Aug 2004 01:14:18 -0000
From: "System Anti-Virus Administrator" <root at j.m2.nnov.ru>
To: [my email address]
Subject: Disallowed attachment type found in sent message "notification"
Message-ID: <j.m2.nnov.ru10932236584258535 at j.m2.nnov.ru>
X-Tnz-Problem-Type: 40
MIME-Version: 1.0
Content-type: text/plain
X-Folder: Bulk

Attention: [my email address]

A Disallowed attachment type was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching its destination.

The Disallowed attachment type was reported to be:

EXE files not allowed per Company security policy

Please contact your I.T support personnel with any queries regarding this
policy.

Your message was sent with the following envelope:

MAIL FROM: [my email address]
RCPT TO:   aleks at m2media.ru

... and with the following headers:

---
MAILFROM: [my email address]
Received: from unknown (HELO m2media.ru) (218.19.151.119)
  by mail.m2.nnov.ru with SMTP; 23 Aug 2004 01:14:04 -0000
From: [my email address]
To: aleks at m2media.ru
Subject: notification
Date: Mon, 23 Aug 2004 09:14:20 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0012_00004FE6.00001A53"
X-Priority: 3
X-MSMail-Priority: Normal
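
----------------------------
Added example, not part of the original message or of greylistd: a Python check that treats a null-sender bounce as backscatter when the headers it quotes show the original message entering the remote system from a host that is not one of your own outbound servers, which is the situation described above. The address `user@example.org` stands in for the redacted "[my email address]", and `OWN_OUTBOUND` is an assumed network from the RFC 5737 test range.

```python
import ipaddress
import re

# Constructed sample: the bounce quoted above, trimmed to the lines the check needs.
SAMPLE_BOUNCE = """\
Return-path: <>
Envelope-to: user@example.org
Subject: Disallowed attachment type found in sent message "notification"

MAIL FROM: user@example.org
RCPT TO:   aleks at m2media.ru

... and with the following headers:

MAILFROM: user@example.org
Received: from unknown (HELO m2media.ru) (218.19.151.119)
  by mail.m2.nnov.ru with SMTP; 23 Aug 2004 01:14:04 -0000
From: user@example.org
"""

# Assumption: the networks your own mail really leaves from (test range here).
OWN_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]

# qmail-style Received line as it appears quoted inside the bounce body.
QMAIL_RECEIVED = re.compile(
    r"^Received: from \S+ \(HELO (?P<helo>[^)]+)\) \((?P<ip>[0-9.]+)\)", re.M)


def classify_bounce(raw, own_networks=OWN_OUTBOUND):
    """Return (verdict, helo, ip) for a bounce that quotes the original headers."""
    head, _, body = raw.partition("\n\n")
    # Bounces use the null envelope sender; Exim records it as "Return-path: <>".
    if not re.search(r"^Return-path:\s*<>\s*$", head, re.M | re.I):
        return ("not-a-bounce", None, None)
    m = QMAIL_RECEIVED.search(body)
    if m is None:
        return ("no-quoted-headers", None, None)
    ip = ipaddress.ip_address(m.group("ip"))
    if any(ip in net for net in own_networks):
        return ("genuine", m.group("helo"), str(ip))
    # The quoted message reached the remote server from a host that is not ours,
    # so the sender address was forged and this bounce is backscatter.
    return ("backscatter", m.group("helo"), str(ip))
```

Run on the sample, the quoted `Received:` line (HELO m2media.ru, 218.19.151.119) falls outside `OWN_OUTBOUND`, so the verdict is `backscatter`.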





