You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Dave <da...@gmail.com> on 2009/09/05 17:16:14 UTC

Checking external mail

Hello,
	I'm not sure if this is a function of postfix for delivery or
spamassassin to check the incoming mail. I've got a centos 5.3 machine
running postfix, amavisd-new and spamassassin. Another account one that is
separate from this machine, in this case my gmail account has got an email
from a person i had no previous contact with, i'm not sure is legit or not.
What are telltale signs i should look for in forged headers? I've included
the headers below. Secondly, i was wondering if i could set up a mailbox or
delivery method so i can forward the message to my mail server and have it
put the message through it's various checks?
Thanks.
Dave.

Delivered-To: dave.mehler@gmail.com
Received: by 10.100.6.16 with SMTP id 16cs108866anf;
        Sat, 5 Sep 2009 07:42:46 -0700 (PDT)
Received: by 10.224.42.83 with SMTP id r19mr8187638qae.35.1252161766037;
        Sat, 05 Sep 2009 07:42:46 -0700 (PDT)
Return-Path: <jo...@gmail.com>
Received: from smtp-gw51.mailanyone.net (smtp-gw51.mailanyone.net
[208.70.128.77])
        by mx.google.com with ESMTP id 2si4326084qyk.43.2009.09.05.07.42.45;
        Sat, 05 Sep 2009 07:42:46 -0700 (PDT)
Received-SPF: neutral (google.com: 208.70.128.77 is neither permitted nor
denied by domain of josephcox76@gmail.com) client-ip=208.70.128.77;
Authentication-Results: mx.google.com; spf=neutral (google.com:
208.70.128.77 is neither permitted nor denied by domain of
josephcox76@gmail.com) smtp.mail=josephcox76@gmail.com
Received: from mailanyone.net
	by smtp-gw51.mailanyone.net with esmtpa (MailAnyone extSMTP denis32)
	id 1MjwJ2-0007Vv-MD
	for dave.mehler@gmail.com; Sat, 05 Sep 2009 09:32:02 -0500
Message-Id: <5L...@gmail.com>
Mime-Version: 1.0
From: Joseph <jo...@gmail.com>
To: Dave Data Reports Personnel   (Dayton) <da...@gmail.com>
Subject: RE: Dave - Data Reports Personnel   (Dayton)
Date: Sat, 5 Sep 2009 20:01:47 +0530
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Re: Checking external mail

Posted by Jari Fredriksson <ja...@iki.fi>.

> Hello,
> I'm not sure if this is a function of postfix for
> delivery or 
> spamassassin to check the incoming mail. I've got a
> centos 5.3 machine running postfix, amavisd-new and
> spamassassin. Another account one that is separate from
> this machine, in this case my gmail account has got an
> email from a person i had no previous contact with, i'm
> not sure is legit or not. What are telltale signs i
> should look for in forged headers? I've included the
> headers below. Secondly, i was wondering if i could set
> up a mailbox or delivery method so i can forward the
> message to my mail server and have it put the message
> through it's various checks?   
> Thanks.
> Dave.
> 

You can set up fetchmail in your mail server to grab the gmail posts and send them to your "regular" address.

You can also set a forward address in GMail settings, it works if you do not like to put a fetchmail up.

I read my gmail and hotmail this way, the mail comes to my own IMAP server via fetchmail, and gets SpamAssassinated.

Re: Checking external mail

Posted by Karsten Bräckelmann <gu...@rudersport.de>.

On Sat, 2009-09-05 at 12:27 -0400, Gene Heskett wrote:
> I believe you intended this to go to the spamassassin list, not to me 
> privately?  In any event, I will be little or no help.

And so he did. ;)

Let me take a brave guess, you are filtering your list posts based on
the To and Cc headers. Dave sent this Bcc SA users list...

Check the List-Id and List-Post headers. They are guaranteed to be
inserted by the list server and better suited for filtering than the
cosmetic To and Cc recipients.

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: Checking external mail

Posted by Gene Heskett <ge...@verizon.net>.

On Saturday 05 September 2009, Dave wrote:
>Hello,
>	I'm not sure if this is a function of postfix for delivery or
>spamassassin to check the incoming mail. I've got a centos 5.3 machine
>running postfix, amavisd-new and spamassassin. Another account one that is
>separate from this machine, in this case my gmail account has got an email
>from a person i had no previous contact with, i'm not sure is legit or not.
>What are telltale signs i should look for in forged headers? I've included
>the headers below. Secondly, i was wondering if i could set up a mailbox or
>delivery method so i can forward the message to my mail server and have it
>put the message through it's various checks?
>Thanks.
>Dave.
>
>Delivered-To: dave.mehler@gmail.com
>Received: by 10.100.6.16 with SMTP id 16cs108866anf;
>        Sat, 5 Sep 2009 07:42:46 -0700 (PDT)
>Received: by 10.224.42.83 with SMTP id r19mr8187638qae.35.1252161766037;
>        Sat, 05 Sep 2009 07:42:46 -0700 (PDT)
>Return-Path: <jo...@gmail.com>
>Received: from smtp-gw51.mailanyone.net (smtp-gw51.mailanyone.net
>[208.70.128.77])
>        by mx.google.com with ESMTP id
> 2si4326084qyk.43.2009.09.05.07.42.45; Sat, 05 Sep 2009 07:42:46 -0700
> (PDT)
>Received-SPF: neutral (google.com: 208.70.128.77 is neither permitted nor
>denied by domain of josephcox76@gmail.com) client-ip=208.70.128.77;
>Authentication-Results: mx.google.com; spf=neutral (google.com:
>208.70.128.77 is neither permitted nor denied by domain of
>josephcox76@gmail.com) smtp.mail=josephcox76@gmail.com
>Received: from mailanyone.net
>	by smtp-gw51.mailanyone.net with esmtpa (MailAnyone extSMTP denis32)
>	id 1MjwJ2-0007Vv-MD
>	for dave.mehler@gmail.com; Sat, 05 Sep 2009 09:32:02 -0500
>Message-Id: <5L...@gmail.com>
>Mime-Version: 1.0
>From: Joseph <jo...@gmail.com>
>To: Dave Data Reports Personnel   (Dayton) <da...@gmail.com>
>Subject: RE: Dave - Data Reports Personnel   (Dayton)
>Date: Sat, 5 Sep 2009 20:01:47 +0530
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>Content-Transfer-Encoding: quoted-printable

I believe you intended this to go to the spamassassin list, not to me 
privately?  In any event, I will be little or no help.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

Taxes are going up so fast, the government is likely to price itself
out of the market.