Re: nolisting MX record

22 Mar 2017


      Hatte vergessen, die Mail selbst anzuhängen:
Return-Path: amanda@cruisesdeals.ca
    Delivered-To: me@mydomain.org
    Received: from mail.mydomain.org
        by mydomain.org (Dovecot) with LMTP id ejTmDuJL0ljMIgAAXmd1zw
        for me@mydomain.org; Wed, 22 Mar 2017 11:03:14 +0100
    Received: from localhost (localhost [127.0.0.1])
        by mail.mydomain.org (Postfix) with ESMTP id 3783A2106AB
       for me@mydomain.org; Wed, 22 Mar 2017 11:03:14 +0100 (CET)
    X-Spam-Flag: NO
    X-Spam-Score: 1.175
    X-Spam-Level: *
    X-Spam-Status: No, score=1.175 required=5 tests=[DKIM_SIGNED=0.1,
        DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001,
        RDNS_NONE=1.274] autolearn=no autolearn_force=no
    Authentication-Results: mail.mydomain.org (amavisd-new);
       dkim=pass (2048-bit key) header.d=cruisesdeals.ca
    Received: from mail.mydomain.org ([127.0.0.1])
        by localhost (mail.mydomain.org [127.0.0.1]) (amavisd-new, port 
10024)
       with ESMTP id tOopJduX0kBu for me@mydomain.org;
       Wed, 22 Mar 2017 11:03:13 +0100 (CET)
    Received: from cheapflightscanada.ca (unknown [108.163.252.234])
       by mail.mydomain.org (Postfix) with ESMTPS id 8E49C2106AA
       for me@mydomain.org; Wed, 22 Mar 2017 11:03:13 +0100 (CET)
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=cruisesdeals.ca; s=default; 
h=Content-Transfer-Encoding:Content-Type:
MIME-Version:Message-ID:From:Date:Subject:To:Sender:Reply-To:Cc:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
        List-Subscribe:List-Post:List-Owner:List-Archive;
        bh=QUcg8ToBrcDUuuWRIY2qCOl5q+4rwZUNASvTOnsJAgM=; 
b=yik1AMgaLXZ0Ig2XrPgfXE8N1J
5T8Q9VusE7qR0EZzziiAL+LoRRVaIYGidIyFg+Cxz+/mVkzlTnmbvuZQiYYsNbADj+/1zsXSOgIDe
9HFBTXLO7xEwvXoIo92PVAgg4tH3t4wwQ8o8WVxDYqWyK7SZm/yPzs12LeS7N6BOyXB6In9Hu7cI/
WEI3mYsBJ8fzMRyQhBxVSpYyBc7L6uh6O1FCQuTffz2ldB1TY+FgvLomSo2oPMQ+GnZO467znhgHS
hJLpHFtOxEYuSdVZVnu/wTWerwSJa8Vb4LwaE+8Ady5QDMAPB3eCG5oak4vqbGsJByD81OjGb2xZM
        V/xdIK5A==;
    Received: from nqbxkapi by mars.whfweb.com with local (Exim 4.88)
        (envelope-from amanda@cruisesdeals.ca)
        id 1cqd6h-000GV6-OM
        for me@mydomain.org; Wed, 22 Mar 2017 05:03:07 -0500
    To: me@mydomain.org
    Subject: I can make pleasure
    X-PHP-Script: www.cruisesdeals.ca/wp-content/themes/press.php for 
98.126.199.83
    X-PHP-Filename: 
/home/nqbxkapi/cruisesdeals.ca/wp-content/themes/press.php REMOTE_ADDR: 
98.126.199.83
    Date: Wed, 22 Mar 2017 10:03:07 +0000
    From: Amanda amanda@cruisesdeals.ca
    Message-ID: f13690b9809de6aba04e5406b1827d00@www.cruisesdeals.ca
    X-Priority: 3
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="b1_f13690b9809de6aba04e5406b1827d00"
    Content-Transfer-Encoding: 8bit
    X-AntiAbuse: This header was added to track abuse, please include it 
with any abuse report
    X-AntiAbuse: Primary Hostname - mars.whfweb.com
    X-AntiAbuse: Original Domain - mydomain.org
    X-AntiAbuse: Originator/Caller UID/GID - [1202 1193] / [47 12]
    X-AntiAbuse: Sender Address Domain - cruisesdeals.ca
    X-Get-Message-Sender-Via: mars.whfweb.com: authenticated_id: 
nqbxkapi/from_h
    X-Authenticated-Sender: mars.whfweb.com: amanda@cruisesdeals.ca
--b1_f13690b9809de6aba04e5406b1827d00
    Content-Type: text/plain; charset=us-ascii
TEXT
[ http://www.cruisesdeals.ca/man.php?x=XXXXX] We are here.
--b1_f13690b9809de6aba04e5406b1827d00
    Content-Type: text/html; charset=us-ascii
<html>
    <body>
    <br>
    <a href="http://www.cruisesdeals.ca/man.php?x=XXXXX">.</a>
    </body>
    </html>
--b1_f13690b9809de6aba04e5406b1827d00--
Am 22.03.2017 um 11:11 schrieb Christoph Kukulies:
...
Nachdem ich mittlerweile der Verzweiflung nahe bin, weil spam immer 
noch - trotz postgrey - scheinbar ungehindert durchkommt, habe ich 
jetzt zum letzten Mittel gegriffen und in dem DNS-record meines 
Servers einen "fake" MX Eintrag gemacht, derart, daß da jetzt steht
@          IN   10 nolisting
@          IN   20 mail
Normale Mail kommt ungehindert an (darüber bin ich schon mal froh). 
Aber eben kam wieder eine Spam mail der Sorte
amanda durch.
Hier ist sie (habe versucht, die möglicherweise bösartigen Links zu 
neutralisieren). Wenn da das nolisting nichts nütt , scheint sie über 
einen regulären Server gelaufen zu sein, der wiederholt zuzustellen 
versucht, oder?
Grüße
Christoph