A new interesting SPAM bypassing SPF validation...
Hi All,
I received a notification from one of our user that he had received a SPAM message with his own EMail address as sender.
Our Ironports are configured for SPF validation so I was quite curious to find out that indeed, the sender was his email address.
See the SMTP headers here (some host names have been sanitized) below. The interesting trick here is that the spammer uses SPF headers with an "Envelope-from" and an X-Sender.
Any idea how we could block this ?
Cheers,
Fred
Microsoft Mail Internet Headers Version 2.0
Received: from TIGER by PUMA with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 5 Sep 2008 11:58:04 +0100
Received: from ironport-2.champ.aero by TIGER with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 5 Sep 2008 11:58:04 +0100
Authentication-Results: ironport-2.champ.aero; dkim=neutral (message not signed) header.i=none
Received-SPF: None identity=pra; client-ip=220.227.219.2;
receiver=mxfarm.champ.aero;
envelope-from="[email protected]";
x-sender="[email protected]";
x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=220.227.219.2;
receiver=mxfarm.champ.aero;
envelope-from="[email protected]";
x-sender="[email protected]";
x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=220.227.219.2;
receiver=mxfarm.champ.aero;
envelope-from="[email protected]";
x-sender="postmaster@kumar-e3c4892c0";
x-conformance=sidf_compatible
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AmFYACGrwEjc49sCYWdsb2JhbAARgTSBH4NaimMLgQEcIEsBjT6WOmoJcg
X-IronPort-AV: E=Sophos;i="4.32,320,1217808000";
d="scan'208,217";a="3729856"
Received: from unknown (HELO kumar-e3c4892c0) ([220.227.219.2])
by ironport-2.champ.aero with SMTP; 05 Sep 2008 10:58:00 +0000
X-SID-PRA: Malaki Jamison <dus>
X-SID-Result: Pass
X-Originating-IP: [72.51.74.05]
Return-Path: [email protected]
Message-ID: <20080905092802>
To: <dus>
Subject: Your Monthly Alerts
From: Paloma Marques <dus>
MIME-Version: 1.0
Importance: Normal
Content-Type: multipart/alternative;
boundary="_b693bc36-9df7-4029-b503-7d7fe8a809f4_"
X-OriginalArrivalTime: 05 Sep 2008 10:58:04.0811 (UTC) FILETIME=[45B0C5B0:01C90F46]
Date: 5 Sep 2008 11:58:04 +0100
--_b693bc36-9df7-4029-b503-7d7fe8a809f4_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
--_b693bc36-9df7-4029-b503-7d7fe8a809f4_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello,
Sorry but it looks that in your case the spammer does not use any SPF entry. Because for the all three types you have a None value, see the lines from your post:
Received-SPF: None identity=pra; client-ip=220.227.219.2;
Received-SPF: None identity=mailfrom; client-ip=220.227.219.2;
Received-SPF: None identity=helo; client-ip=220.227.219.2;
Regards.
Similar Messages
-
it says that the download for the new itunes is not a valid Wn32 application. what do i do?
I'd first try downloading an installer from the Apple website using a different web browser:
http://www.apple.com/itunes/download/
If you use Firefox instead of IE for the download (or vice versa), do you get a working installer? -
ZTable new entries need to be validated
hi,
Ztable new entries need to be validated.Only the F4 help value should be populated in fields.Few fields are not bringing the F4 help.And when I am trying to save any random data into the field,its saving in the ztable.
i want ONLY F4 HELP values to be saved into the ZTABLE.
Please advice.Hi,
1. For Possible entries :
Create the foreign key relationship for the fields in the custom table.
2. For Other validations againt the data entered for the field.
You have to Generate the table maintenance for this custom table in SE11.
After generating the table maintenace for this table there will be a program name
and screen number for this table.
The program name can be identified after running the maintenance generator.
System->Status->Program(screen)
System->Status->Screen number
The program will be generated with SAPLZXXXXXXX
For eg :
Function group : ZEURMM000
Program name : SAPLZEURMM000
Screen number : from the table maintenance generator
You can find the PAI of for this table.
Write new module between chain and endchain statement.
CHAIN.
FIELD ZMM001-ZPLANT .
FIELD ZMM001-ZDES .
MODULE get_Zdes. "Added new code
MODULE SET_UPDATE_FLAG ON CHAIN-REQUEST.
ENDCHAIN.
MODULE get_zdes iNPUT.
data : lv_zdes type ZMM001-ZDES.
CLEAR ZMM001-ZDES.
SELECT SINGLE zdes
INTO lv_ZDES
FROM CHECK_TABLE "The values needs to be validated
WHERE PLANT = ZMM001-ZPLANT
AND ZDES = CHECK_TABLE-ZDES.
if sy-subr <> 0.
message.
endif.
ENDMODULE. " GET_CARNO_DES INPUT
All the User PAI statements can be performed in the subrouine LZEURMMXXXO01 of the generated program SAPLZEURMM000.
Best Regards,
Senthilraj Selvaraj -
If I buy the new ipad in New York is the guarantee valid in England
if I buy the new ipad in New York is the guarantee valid in England (UK)
Apple Warranty Information
Review your support and service coverage
Warranty Information and Support and Service Coverage
Read the warranty
For future reference consult your warranty for questions regarding what is covered. Apple is the final authority on what will be covered by their warranty, so questions about the warranty should be directed to AppleCare. The Discussions are user-supported so we have no authority to say what Apple will or won't do with respect to their business practices.
Any advice about warranties or other Apple business practices that you receive here should be considered opinion only. AppleCare is the authority on warranty coverage.
Contacting Apple for support and service -
Anyone have luck beating the new image spam with "rules"?
Has anyone figured out how to write rules that block that very annoying new (dozen-message-per-day) image spam? The kind with "torn" bits that reassemble to defeat my ISP's spam-words filters?
Personally, I favor the death penalty for the producers, and at least a cane lashing to anyone who replies, but since that's not going to happen in my lifetime, I want to banish this drivel from my box.
I've tried a few things, but I'm not finding the magic bullet(s). These parasitic missives must have something in common that I can utilize to redirect the junk into electronic Gehenna.
If there are no solutions in the Mac Mail rules settings, I'll probably make draconian changes in the settings my ISP provides, but that means I'll also be blocking a lot of mail I want.Rules for this kind of messages have been suggested in many places, including this forum, and Allan has already provided two examples.
I personally believe such rules are a bad idea and a waste of time. IMO, the best way to deal with those messages is to just manually mark them as junk. Contrary to what many people think, Mail’s built-in junk filter can learn to recognize those messages as junk; it takes more time that with other types of junk, but it works pretty well. I don’t have any such rules set up in Mail, yet in my case the junk filter correctly marks almost all of them as junk without me having to do anything else. -
New-CMTaskSequenceMedia returns asking for valid UNC patch
I am trying to create a new unattended OSD boot media via powershell for us to use in the automation of VM template creation. The problem is when I run the New-CMTaskSequenceMedia command below:
New-CMTaskSequenceMedia -BootableMediaOption -BootImageId IDFROMSCCM -DistributionPointServerName DPName -ManagementPointServerName MP1,MP2,MP3 -MediaInputType CDDVD -MediaMode Dynamic -ProtectPassword $False -AllowUnattendedDeployment $True -CommandDistributionPointServerName
DPName -CommandIncludeFile $True -Commandline "wscript.exe TSEnvVar.vbs" -CommandPackageName "Package Name" -CreateMediaSelfCertificate $False -EnablePrestartCommand $True -EnableUnknownSupport $True -MediaPath \\NetworkServer\pkgs$\OSD\Servers\BootMedia\Testing\VMTemp08R2.iso
It returns
WARNING: This field must take the form of either a drive\directory path:
<drive letter>:\<directory path>\<file name>
or a valid UNC path:
\\<server>\<directory path>\<file name>
I've tried modifying my -MediaPath parameter to c:\temp\VMTemp08R2.iso to test but get the same message. Any assistance with this would be appreciated. "This Field" is a little vague of a message with so many parameters required in this command.Hi,
The media path should be enclosed in double quote.
New-CMTaskSequenceMedia -BootableMediaOption -BootImageId IDFROMSCCM -DistributionPointServerName DPName -ManagementPointServerName MP1,MP2,MP3 -MediaInputType CDDVD -MediaMode Dynamic -ProtectPassword $False -AllowUnattendedDeployment $True -CommandDistributionPointServerName
DPName -CommandIncludeFile $True -Commandline "wscript.exe TSEnvVar.vbs" -CommandPackageName "Package Name" -CreateMediaSelfCertificate $False -EnablePrestartCommand $True -EnableUnknownSupport $True -MediaPath
"\\NetworkServer\pkgs$\OSD\Servers\BootMedia\Testing\VMTemp08R2.iso"
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Opening a new window after computations and validations
Hi all
I want to open a new popUp window after a submit button is clicked but this window should open only after all the validations assosiated with this button are executed. Please note that, I want to open this window before the process associated with this button can fire
Any thoughts??
Message was edited by:
ShantanuHeres what I did
I created a process called status bar to execute on submit and after computatuions and validations. This process contained the javascript to launch my new popup. This is the first process in after submit catagory. Logically it is supposed to execute before any other process but the problem is ...
The status bar process is not executing on submit after computations and validations.I tried changing its process point to before computations and validatuions. No problems on before computations and validations if I have some validations error on that page. But if everything is validated in this case as well, We don't get the status window.
If this is any help, here r the contents of the process in question :
htp.p('<script language=javascript>');
htp.p('function statusbar(page)');
htp.p('{');
htp.p('url = "http://flexfareserver:7777/pls/apex/f?p=101:" + page + ":&APP_SESSION.";');
htp.p('win = window.open(url,"","Scrollbars=0,resizable=0,width=600,height=500");');
htp.p('}');
htp.p('statusbar(4)');
htp.p('</script>');
rout(11);
end
Notice the last statement in the process. This is a call to an external procedure called rout. This executes fine but just the htp.p is giving me problem, only in the particular case I spotted out.
Please help -
New iPad REFUSES to acknowledge valid Apple ID?
I have a "fresh from the factory, just out of the box" iPad 2. I was trying to run the setup, and when it got to the part to sign in using my EXISTING Apple ID, the iPad refuses to acknowledge the VALID Apple ID. Ironically, I have to use this selfsame Apple ID in order to post this question. AND, I use this Apple ID in order to use my iPod. What is the fix for this?
Hi,
I've come here looking for answers to exactly the same question, although using a brand new ipad3.
I'm unable to log into itunes or app store using my apple id which I created earlier this evening, although I can log onto the apple website to maintain my id and also to get onto this forum.
I've just emailed support for an answer, hopefully they will give stops to resolve the issue, or someone in the know will already know the answer on here. -
Satellite U305 - New Intel drivers are not validated
I have a problem installing newest graphic drivers for Intel 965 express. Everytime I get a message that the driver being installed is not validated for this computer.
I got my drivers directly from Intel site because those are the newest ones (Toshiba site gives 2007 drivers only) but they does not work.
It looks like somehow Toshiba is blocking this driver for some reason but I don't know why
Computer:
Toshiba Satellite U305
Windows Vista Home Premium installed (32-bit)Hi!
I had the same issue on my Satellite U400 notebook. I have solved this issue on this way:
Before I installed the new driver I have removed the old version. You should find it in control panel > Add/Remove programs. Then restart your notebook.
After restarting you will get the same error message I think but then you can install the driver manual. Therefore go in device manager and select the graphic card. Click on update driver and use the advanced installation. In the next windows choose the driver directory yourself.
After restarting the notebook the new driver should be installed.
Greets -
Create new output and bypass the old output
Hello Gurus,
Currently we have an output type (YAB1) that is created for all customers and item categories for application V2. New requirement is to create new output (YAB2) that exactly works as old one with one difference is that new output type YAB2 should be created for specific customers. Also bypass creation of old output YAB1.
I understand how can we create new output YAB2 for specific customers. How can I by pass these customers from the old output YAB1. Please help me.
Thank you so much for your time,
Regards,
PavanThank you so much for your replies,
Sampath, Can you please provide more details of how can I create requirement. Is there any possibility of using NACE condition entries.
What I think is create a custom table and maintain customers to whom YAB2 created. When YAB1 is created I read the table and when customer is found then set return code to 4 so that it is bypassed. We need YAB1 output for other customers.
Is there any better approach?
Regards,
Pavan
Edited by: Pavan1 on May 26, 2011 12:46 AM
Edited by: Pavan1 on May 26, 2011 12:47 AM -
I keep getting an invalid security code mwessage when I try to update my credit card info, the code is valid yet I am still getting this message. HELP!
Take a look here:
http://support.apple.com/kb/TS1646
If that doesn't help, go here:
http://www.apple.com/support/itunes/contact/
and follow the instructions to report the issue to the iTunes Store.
Regards. -
New download serial bnumbers "not valid"
Well I bought the bundle premeire elements 7 and photoshop 7 last night.. after 2 hours waiting for the download I got the serial numbers they sent with the order and punched them in... "not valid" it says.. so then I call Adobe ... wait till monday? What? monday? I bought it online to use immediatly.. anyone know what I might try or possibly what I 'm doing wrong? thanks..
Did you type in the serial numbers with dashes between them? Try it without. Or vice versa.
Did you ensure that you were using the Photoshop Elements serial number for Photo Elements and the Premiere Elements serial number for Premiere Elements and you didn't mix them up?
Otherwise,I'm not sure what to tell you, Gonzalo. Only Adobe can distribute serial numbers. -
I'm trying to figure out if this is a virus or not. When I open the various links they enter sites I did not ask for and often they say I have won something or should register for something
This type of behavior can be caused by malware, try running a full scan with your anti-virus and anti-malware scanners.
-
How to make new directory to check the valid path?
Hi gurus,
Is there a way to validate the path while creating DIRECTORY?
e.g. SQL> CREATE DIRECTORY dump_dir AS 'u01/users/dump';
Can I validate the path from the SQL?
Thanks,
PrakashOracle doesn't check the path exists, you must make sure the path is well written and it really exists on your OS. In the case of Unix like OS' you must make sure it has enough privileges for the oracle os user to be able to at least read and write if required.
~ Madrid -
Mac OSX 10.3.9
You can't update Firefox beyond Firefox 2.0.0.20 if you use Mac OS X 10.3.9
Firefox 2.0.0.20 is the last Firefox version that runs on your OS and on a PowerPC Mac.
*http://www.mozilla.org/en-US/firefox/15.0/system-requirements/
*http://www.mozilla.org/en-US/firefox/3.6.28/system-requirements/
Maybe you are looking for
-
CANNOT OPEN NEF PICTURES IN CS3. PLEASSE HELP. JACQUES
-
Export to PDF, upload PDF to flash base software, type become garbled
Export Indesign5 document to PDF, uploaded PDF to online flash base software. some of type become garbled. Do you have any idea to solve problem?
-
Hi everyone, Does somebody have already used a ratio of type date in bps ? thanks in advance, L.
-
Unable to form a single cluster island. Two clusters formed and kills one
I am trying to use ReplicatedCache and deployed the web application on four Webspher appserver JVMs in two linux servers (2 boxes). Server1 (A&B) Server2 (A&B). Server1A and Server2A physical clusters and likewise Server1B and Server2B are physical c
-
How to find out warranty remaining on a graphics card?
Hi, I have a faulty R7850 Twin Frozr III which a few days ago began artifacting on the desktop and has now started to 'black screen' upon loading the Windows desktop. After contacting the official seller of the card where it was purchased, they have