Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Spam with a Pipe Character 1

Status
Not open for further replies.
adamroof

adamroof

Programmer
Nov 5, 2003
1,107
0
0
US
As you can see in the header below, we use Postini on the outside, and Trend on the inside, which does a really good job coexisting.

Lately we have been hit with about 300% more spam and what i have been seeing is that they are adding a "|" in front of the email addresses.

Aside from the exploit purposes of a pipe, is this their new way of bypassing spam filters?

Is there a way in Exchange to drop emails that contain a pipe? I tried sending one myself, but got sysadmin failure of unknown recipient. (from external account). Ive tried adding the rule to trend, but doesnt seem to match.

Code: 
Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([64.18.0.49]) by mydomain.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Tue, 14 Apr 2009 05:00:55 -0700
Received: from source ([98.207.138.146]) by exprod5mx.postini.com ([64.18.4.11]) with SMTP;
	Tue, 14 Apr 2009 08:01:04 EDT
[b]To: <|adamr@mydomain.com>[/b]
[b]Subject: For |adamr@mydomain.com[/b]
From: "Myd" <nelativ_1983@FMCHEALTH.ORG>
Mime-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-pstn-levels:     (S: 0.00000/40.06853 CV: 4.7815 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
Return-Path: +._-nelativ_1983@FMCHEALTH.ORG
Message-ID: <fShHGuaPw3bX00000048e@mydomain.com>
X-OriginalArrivalTime: 14 Apr 2009 12:00:55.0844 (UTC) FILETIME=[AAB17E40:01C9BCF8]
Date: 14 Apr 2009 05:00:55 -0700
X-TM-AS-Product-Ver: SMEX-8.2.0.1103-5.600.1016-16580.006
X-TM-AS-Result: Yes-54.684600-5.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No
Code: 
Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([64.18.0.110]) by mydomain.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Sat, 11 Apr 2009 17:33:54 -0700
Received: from source ([89.131.196.160]) by exprod5mx.postini.com ([64.18.4.10]) with SMTP;
	Sat, 11 Apr 2009 19:34:01 CDT
From: "DaeHee Lar" <DaeHee-idauhs@infomarch.com>
[b]To: |adamr@mydomain.com[/b]
Subject:  Buffet pees on dollars
MIME-Version: 1.0
Content-Type: text/html; charset = "iso-8859-1"
Content-Transfer-Encoding: 8bit
X-pstn-levels:     (S: 0.07658/99.36768 CV: 5.7539 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
Return-Path: +._-DaeHee-idauhs@infomarch.com
Message-ID: <FRaqbC8wSA1Xv00000320@mydomain.com>
X-OriginalArrivalTime: 12 Apr 2009 00:33:54.0750 (UTC) FILETIME=[5C2E35E0:01C9BB06]
Date: 11 Apr 2009 17:33:54 -0700
X-TM-AS-Product-Ver: SMEX-8.2.0.1103-5.600.1016-16576.003
X-TM-AS-Result: Yes-43.479800-5.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No
 
Sort by date Sort by votes
1st link was very good, but the 2nd SenderID filtering is already in place and doesnt prevent the pipe.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Brent Fletcher
  • Locked
  • Question
Exchange rule to remove &quot;✉&quot; icon when it appears in a subject title from a supplier
Replies
0
Views
605
Brent Fletcher
Brent Fletcher
stanlyn
  • Locked
  • Question
How to do Certificates on MultiDomain Exchange with Least Cost
Replies
1
Views
567
Wesaf
Wesaf
BroBias
  • Locked
  • Question
mailbox databases dismounting frequently without followable reason
Replies
1
Views
591
BroBias
BroBias
microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
677
microsGuy16
microsGuy16
Satishkumar007
  • Locked
  • Question
Help needed to recover after complete site failure
Replies
0
Views
568
Satishkumar007
Satishkumar007

Part and Inventory Search

Sponsor

Back
Top