I intentionally started a new thread, similar to the existing one, but with different details.
For the past few months I have noticed hundreds and thousands of emails in the SMTP -> OUTBOUND queue. All are very similar, like this one:
Received: from MYDOMAIN ([127.0.0.1]) by mydomain.com with MailEnable ESMTP; Thu, 05 Mar 2009 10:22:58 +0100
Date: Thu, 05 Mar 2009 10:22:58 +0100
Subject: Who would refuse from a nice sum of money? Sign up if you are not an exception.
To: email@example.com
From: Marty Mason <firstname.lastname@example.org>
Reply-To: email@example.com
MIME-Version: 1.0
Content-Type: text/plain; Charset=windows-1251
Content-Transfer-Encoding: 8bit
X-ME-Bayesian: 0.000000

Dreaming of becoming a permanent millionaire? Then don't lose your chance to win your first money. Sign up and we won't keep you waiting long for your first bonus. Feel free to start your new lucrative business right now. http://sicheridioten.si.funpic.de/800.php
Now, I have the latest version of ME, and it is configured to receive and relay only LOCAL mail, from 127.0.0.1, and the listening port is some high port, like 61234, which is open only locally.
Access to this port is enabled only for the local IIS SMTP service and my SMTP proxy server.
I stopped the IIS SMTP service and blocked all mail with a FROM, TO or CC field containing "aol.com" or "netscape.com" on both my SMTP proxy and in ME (in ME filter -> delete message). But still, mail is filling the SMTP outbound queue!
Why is ME filtering not working?
Any other ideas how this spam is coming through?