BLOCKING AOL SPAM
This blog post was originally published on insecure.so.
If you run your own mail service, you may already have noticed a lot of spam that originates from (or rather, forges) @aol.com addresses. The layout of these mails is almost always the same: the subject contains something like "Fw: News!" or just "Fw: ", and the body usually starts with "Hello! http://<some bogus url>" or similar. Following the link leads to some "lose some weight" pages; I haven't analysed whether malware is distributed through them.
If your anti-spam system has trouble filtering this kind of mail, here is a simple and fast way to block it. After analysing the mail headers, I found that the spammers do something very specific with the Message-ID of these mails: it always looks like <something@aol.com <fromaddress>>, i.e. a second angle-bracketed address is nested inside the first one.
A valid Message-ID does not look like this, so I set up a header check in my Postfix configuration. This simple regular expression solves the issue:
/^Message-ID: <.*@aol\.com <.*@.*>.*/i DISCARD Illegal Message-ID SPAM
Your mail server will still accept the mail, but silently discards it if it carries one of these illegal Message-IDs.
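To see what the rule above actually matches before putting it in production, here is an added example (not from the original post) that runs the same pattern against a few constructed Message-ID header lines. Postfix header_checks match the whole header line, including the "Message-ID:" name, and the default regexp table is case-insensitive; Python's re module is used here as a stand-in for the Postfix regexp engine, which is an assumption that holds for this simple pattern but not necessarily for every Postfix regexp feature.

```python
import re

# The header_checks rule from the post, compiled with Python's re module.
# Assumption: re semantics match Postfix's regexp table for this pattern.
# Postfix regexp tables are case-insensitive by default, hence IGNORECASE.
RULE = re.compile(r"^Message-ID: <.*@aol\.com <.*@.*>.*", re.IGNORECASE)

# Constructed sample header lines (made up for this example, not real mail).
SAMPLES = {
    # The spam pattern: a second bracketed address nested inside the first.
    "spam_nested": "Message-ID: <abc123@aol.com <victim@example.net>>",
    # Header name and domain in different case; the rule must still catch it.
    "spam_upper": "Message-id: <ABC@AOL.COM <x@y.z>>",
    # A normal, well-formed AOL Message-ID: must NOT be discarded.
    "legit_aol": "Message-ID: <20231001.abc123@aol.com>",
    # A Message-ID from another domain: must NOT be discarded.
    "legit_other": "Message-ID: <xyz@mail.example.org>",
}


def header_action(line):
    """Return the action Postfix would take for one header line:
    'DISCARD' when the rule matches, None when the header passes."""
    if RULE.match(line):
        return "DISCARD"
    return None


def classify(samples):
    """Apply the rule to every sample and report the resulting action."""
    return {name: header_action(line) for name, line in samples.items()}


if __name__ == "__main__":
    for name, action in classify(SAMPLES).items():
        print(f"{name:12s} -> {action or 'pass'}")
```

Only the two nested-address samples are discarded; a well-formed @aol.com Message-ID passes untouched, so legitimate AOL senders are not affected. On the Postfix side the rule goes into a header_checks file referenced from main.cf (header_checks = regexp:/etc/postfix/header_checks), and you can run the same kind of check there with postmap -q "Message-ID: ..." regexp:/etc/postfix/header_checks. Keep in mind that DISCARD accepts the message and drops it without any notification to the sender; that is usually what you want for forged-sender spam, since REJECT would bounce mail back to the forged aol.com addresses.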