帮忙分析一个垃圾邮件头

ruochen

Return-Path: <>
X-Original-To: user@example.com
Delivered-To: user@example.com
Received: from wergvan (unknown [213.197.134.86])
by mail.user@example.com (Postfix) with SMTP id 6B0BC2818270
for <user@example.comThu, 19 Feb 2009 13:50:23 +0800 (CST)
Received: from [167.218.89.157] (helo=pfzjv)
by wergvan with smtp (Exim 4.62 (FreeBSD))
id 123502225064-0007kq-1G; Thu, 19 Feb 2009 07:44:10 +0200
Message-ID: <002001c99254$f02e63d0$a7da599d@COATS03pfzjv>
From: "Hadrian Tanner" <tamala.stewart@bofasecurities.com>
To: <user@example.com>
Subject: {Spam?} Check for most attractive prices for meds!
Date: Thu, 19 Feb 2009 07:43:06 +0200
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="windows-1250";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1158
X-mail-MailScanner-Information: Please contact the ISP for more information
X-mail-MailScanner-ID: 6B0BC2818270.403EC
X-mail-MailScanner: Found to be clean
X-mail-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=11.526,
required 7.8, RDNS_NONE 0.10, STOX_REPLY_TYPE 0.00,
SUBJECT_FUZZY_MEDS 2.81, URIBL_BLACK 1.96, URIBL_JP_SURBL 2.86,
XMAILER_MIMEOLE_OL_22B61 3.79)
X-mail-MailScanner-SpamScore: sssssssssss
X-mail-MailScanner-From:
X-Spam-Status: Yes



邮件地址用user@example.com替换，域名也替换了
这样的垃圾邮件怎么阻止呢？

MichaelBibby

你指的是收件人和发件人地址相同的情况？

ruochen

Return-Path: <>

From: "Hadrian Tanner" <tamala.stewart@bofasecurities.com>


ip显示是立陶宛
mailscanner里面截取的日志没有发送者的信息

最近有3个用户，每人收到2~3个这样的邮件了
当然ip和邮件地址是不一样的

[ 本帖最后由 ruochen 于 2009-2-19 17:32 编辑 ]

ruochen

怎么阻止这样的垃圾邮件？

xmbbx

X-Spam-Status: Yes
不是已经标记为垃圾邮件了吗

ruochen

如果将Return-Path: <>为空这样的mail直接丢弃，会不会造成误杀呢？
而且这个丢弃的policy怎么来做比较好呢？

ruochen

原帖由 xmbbx 于 2009-2-19 17:15 发表
X-Spam-Status: Yes
不是已经标记为垃圾邮件了吗

下面是SA没有识别出来的
Return-Path: <>
X-Original-To: test@example.com
Delivered-To: test@example.com
Received: from S0106001310d4af1d.vn.shawcable.net (S0106001310d4af1d.vn.shawcable.net [24.82.3.51])
        by mail.test@example.com (Postfix) with SMTP id 870432818254
        for <test@example.com>; Mon, 16 Mar 2009 08:19:06 +0800 (CST)
Received: from dxhb ([66.208.169.93])
        by S0106001310d4af1d.vn.shawcable.net (8.13.1/8.13.1) with SMTP id 200903151712051413;
        Sun, 15 Mar 2009 17:12:00 -0800
Message-ID: <20090315170926.1000107@uottawa.ca>
Date: Sun, 15 Mar 2009 17:09:26 -0800
From: "Sampson" <tkl@uottawa.ca>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: test@example.com
Subject: Bomb was blasted in your town
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-mail-MailScanner-Information: Please contact the ISP for more information
X-mail-MailScanner-ID: 870432818254.085BA
X-mail-MailScanner: Found to be clean
X-mail-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
        score=2.862, required 7.8, URIBL_BLACK 1.96, URIBL_RHS_DOB 0.90)
X-mail-MailScanner-SpamScore: ss
X-mail-MailScanner-From:
X-Spam-Status: No

It's terrible! http://oek.yourbreakingnew.com/news.php

ruochen

原帖由 MichaelBibby 于 2009-2-19 16:43 发表
你指的是收件人和发件人地址相同的情况？

Return-Path: <>
是这个！！！！！


最近很头痛

scyzxp

原帖由 ruochen 于 2009-2-19 17:34 发表
如果将Return-Path: 为空这样的mail直接丢弃，会不会造成误杀呢？
而且这个丢弃的policy怎么来做比较好呢？

不会，可以放心使用，正常邮件不会出现这样的提示

ruochen

原帖由 scyzxp 于 2009-3-25 15:07 发表

不会，可以放心使用，正常邮件不会出现这样的提示

Return-Path: <>

那怎么挡掉这样的邮件呢？
查阅了postfix权威指南（270页），说可以用header_checks来挡掉，但是不建议这样做
如果是写header_checks， 这个怎么来写呢？