Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Spam with a Pipe Character 1

Status
Not open for further replies.

adamroof

Programmer
Nov 5, 2003
1,107
US
As you can see in the header below, we use Postini on the outside, and Trend on the inside, which does a really good job coexisting.

Lately we have been hit with about 300% more spam and what i have been seeing is that they are adding a "|" in front of the email addresses.

Aside from the exploit purposes of a pipe, is this their new way of bypassing spam filters?

Is there a way in Exchange to drop emails that contain a pipe? I tried sending one myself, but got sysadmin failure of unknown recipient. (from external account). Ive tried adding the rule to trend, but doesnt seem to match.

Code:
Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([64.18.0.49]) by mydomain.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Tue, 14 Apr 2009 05:00:55 -0700
Received: from source ([98.207.138.146]) by exprod5mx.postini.com ([64.18.4.11]) with SMTP;
	Tue, 14 Apr 2009 08:01:04 EDT
[b]To: <|adamr@mydomain.com>[/b]
[b]Subject: For |adamr@mydomain.com[/b]
From: "Myd" <nelativ_1983@FMCHEALTH.ORG>
Mime-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-pstn-levels:     (S: 0.00000/40.06853 CV: 4.7815 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
Return-Path: +._-nelativ_1983@FMCHEALTH.ORG
Message-ID: <fShHGuaPw3bX00000048e@mydomain.com>
X-OriginalArrivalTime: 14 Apr 2009 12:00:55.0844 (UTC) FILETIME=[AAB17E40:01C9BCF8]
Date: 14 Apr 2009 05:00:55 -0700
X-TM-AS-Product-Ver: SMEX-8.2.0.1103-5.600.1016-16580.006
X-TM-AS-Result: Yes-54.684600-5.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No
Code:
Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([64.18.0.110]) by mydomain.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Sat, 11 Apr 2009 17:33:54 -0700
Received: from source ([89.131.196.160]) by exprod5mx.postini.com ([64.18.4.10]) with SMTP;
	Sat, 11 Apr 2009 19:34:01 CDT
From: "DaeHee Lar" <DaeHee-idauhs@infomarch.com>
[b]To: |adamr@mydomain.com[/b]
Subject:  Buffet pees on dollars
MIME-Version: 1.0
Content-Type: text/html; charset = "iso-8859-1"
Content-Transfer-Encoding: 8bit
X-pstn-levels:     (S: 0.07658/99.36768 CV: 5.7539 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
Return-Path: +._-DaeHee-idauhs@infomarch.com
Message-ID: <FRaqbC8wSA1Xv00000320@mydomain.com>
X-OriginalArrivalTime: 12 Apr 2009 00:33:54.0750 (UTC) FILETIME=[5C2E35E0:01C9BB06]
Date: 11 Apr 2009 17:33:54 -0700
X-TM-AS-Product-Ver: SMEX-8.2.0.1103-5.600.1016-16576.003
X-TM-AS-Result: Yes-43.479800-5.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No
 
1st link was very good, but the 2nd SenderID filtering is already in place and doesnt prevent the pipe.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top