Below does not show enough info; you should provide the full headers for
anyone to guess what's happening (munge all email addresses except the
forged 'From' header).
I have all encodings except Latin 3, Latin 9, US-ASCII, and western
europeanblocked. I have alsoblockedthe top level domain RU. I have
my junk filter set on high.
But the following email still gets through. Why????
From: éÎÔÌ. ÓÏÂÓÔ×. [mailto:
[email protected]]
Sent: Thursday, March 06, 2008 12:03 PM
To: korson at southern dot edu
Subject: îÏ×Ï××ÅÄÅÎÉÑ ÄÌÑ ÐÒÁ× éÎÔÅÌ. óÏÂÓÔ×ÅÎÎÏÓÔÉ.
îÏ×ÏÅ × ÐÒÁ×ÁÈ ÉÎÔÅÌÌÅËÔÕÁÌØÎÏÊ ÓÏÂÓÔ×ÅÎÎÏÓÔÉ (ÐÒÉÎÑÔÉÅ þÅÔ×ÅÒÔÏÊ
þÁÓÔÉ çë òæ).
äÁÔÁ ÕÞÅÂÎÏÇÏ ËÕÒÓÁ: l1 ÍÁÒtÁ
ðÒÏÄÏÌÖÉÔÅÌØÎÏÓÔØ: 1 ÄÅÎØ
ëÏÌ-×Ï ÞÁÓÏ×: ×ÓÅÇÏ 8 Þ. ....- Hide quoted text -
- Show quoted text -
Here are the complete headers:
Received: from exmf003-5.intermedia dot net (207.5.74.85) by
EXHUB003-3.exch003intermedia dot net (207.5.74.70) with Microsoft
SMTP Server
(TLS) id 8.1.240.5; Wed, 5 Mar 2008 09:03:06 -0800
Received: from localhost (localhost.localdomain [127.0.0.1]) by
exmf003-5.intermedia dot net (Postfix) with ESMTP id 8C82CE4A0 for
<tim at qualsys dot org>; Wed, 5 Mar 2008 09:03:06 -0800 (PST)
Received: from exmf003-5.intermedia dot net ([127.0.0.1]) by localhost
(exmf003-5.intermedia dot net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP
id 26424-50-3 for <tim at qualsys dot org>; Wed, 5 Mar 2008 09:03:05
-0800 (PST)
Received: from masi.southern dot edu (masi.southern dot edu
[216.229.224 dot 6]) by
exmf003-5.intermedia dot net (Postfix) with ESMTP id 9DB64E4D3 for
<tim at qualsys dot org>; Wed, 5 Mar 2008 09:02:42 -0800 (PST)
Received: from masi.southern dot edu (127.0.0.1) by masi.southern dot
edu (MlfMTA
v3.2r9) id hpr94q0171sv for <tim at qualsys dot org>; Wed, 5 Mar 2008
12:02:45 -0500
(envelope-from <
[email protected]>)
Received: from exch-be-1.southern dot edu ([216.229.224.46]) by
masi.southern dot edu
(saumailgateway) with ESMTP; Wed, 05 Mar 2008 12:02:45 -0500
Received: from casati.southern dot edu ([216.229.224 dot 7]) by exch-
be-1.southern dot edu
with Microsoft SMTPSVC(6.0.3790.211); Wed, 5 Mar 2008 12:02:38 -0500
Received: from gyuri-adf3afaad.rdsbv.ro ([82.137.62.64]) by
casati.southern dot edu (saumailgateway) with ESMTP; Wed, 05 Mar 2008
12:02:31
-0500
Received: from [82.137.62.64] by mx1.fti.ru; Wed, 6 Mar 2008 18:02:31
+0100
Message-ID: <01c87fb4$3f209580$403e8952@sale>
From: =?koi8-r?B?6c7UzC4g08/C09TXLg==?= <
[email protected]>
To: <korson at southern dot edu>
Subject: =?koi8-r?B?7s/
Xz9fXxcTFzsnRIMTM0SDQ0sHXIOnO1MXMLiDzz8LT1NfFzs7P0w==?=
=?koi8-r?B?1Mku?=
Date: Thu, 6 Mar 2008 18:02:31 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C87FB4.3F209580"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Mlf-Threat-History: nothreat
X-Mlf-Threat-Detailed-History: nothreat;none;none;none
X-Mlf-UniqueId-History: i200803051702180049308
X-OriginalArrivalTime: 05 Mar 2008 17:02:39.0998 (UTC)
FILETIME=[B84F69E0:01C87EE2]
X-Mlf-Version: 6.1.0.9597
X-Mlf-UniqueId: o200803051702450191755
X-Virus-Scanned: by amavisd-new at exmf003-5.intermedia dot net
X-Spam-Status: Yes, hits=9.115 tagged_above=-999 required=3
tests=DATE_IN_FUTURE_12_24, HTML_FONT_BIG, HTML_MESSAGE,
RAZOR2_CF_RANGE_51_100, RAZOR2_CF_RANGE_E4_51_100, RAZOR2_CHECK,
SPAMMY_XMAILER, SPF_HELO_PASS, SUBJECT_ENCODED_TWICE
X-Spam-Level: *********
X-Spam-Flag: YES
Return-Path: (e-mail address removed)
X-MS-Exchange-Organization-SCL: 9
