Ban all mail from: X-Mailer: The Bat!

RadMan

Verified User
Joined
Apr 12, 2007
Messages
209
Location
Canada
Is there any way to ban all mail produced by this software " http://www.ritlabs.com/en/products/thebat/" from a server???...

It's an unbelievebale producer of spam mail..
 
It is probably not emails from The Bat (which is simply an email client AFAIK), but spam senders who are spoofing its headers?

If you do want to block all emails from this client (not advisable) or want to help SpamAssassin pick them up as SPAM, you may want to look at writing your own SpamAssassin headers rule to score them as SPAM.

I won't go into specifics (as personally I am not sure that this is a good idea), but will point you in the direction of a simple guide to writing your own rules:

http://wiki.apache.org/spamassassin/WritingRules
 
It is probably not emails from The Bat (which is simply an email client AFAIK), but spam senders who are spoofing its headers?

If you do want to block all emails from this client (not advisable) or want to help SpamAssassin pick them up as SPAM, you may want to look at writing your own SpamAssassin headers rule to score them as SPAM.

I won't go into specifics (as personally I am not sure that this is a good idea), but will point you in the direction of a simple guide to writing your own rules:

http://wiki.apache.org/spamassassin/WritingRules


Thanks... Will check it out... I'm just getting tired of seeing that software in every second or third peice of crap that is being spammed to sites on the servers...

Cheers...
 
Crap.. Here's another piece of crap I just got while I was posting the above message.. grrrrrrrrrrrr....

Code:
X-Apparently-To: [email protected] via 216.39.53.225; Tue, 26 Jun 2007 15:41:09 -0700
X-YahooFilteredBulk: 204.15.197.35
X-Originating-IP: [204.15.197.35]
Authentication-Results: mta105.rog.mail.scd.yahoo.com  from=gmail.com; domainkeys=neutral (no sig)
Received: from 204.15.197.35  (EHLO server1.buckagb.net) (204.15.197.35)
  by mta105.rog.mail.scd.yahoo.com with SMTP; Tue, 26 Jun 2007 15:41:09 -0700
Received: from adsl128.jetzweb.de ([217.65.16.128])
	by server1.buckagb.net with esmtp (Exim 4.67)
	(envelope-from <[email protected]>)
	id 1I3Jie-0004Jx-Eq
	for [email protected]; Tue, 26 Jun 2007 18:41:08 -0400
Received: from [217.65.16.128] by alt2.gmail-smtp-in.l.google.com; Tue, 26 Jun 2007 22:41:05 -0100
Date: Tue, 26 Jun 2007 22:41:05 -0100
From: "Kerri Langston" <[email protected]>
[COLOR="Red"][b]X-Mailer: The Bat! (v2.00.3) Personal[/b][/COLOR]
Reply-To: [email protected]
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: [Bulk] Incredible opportunity
MIME-Version: 1.0
Content-Type: text/html;
  charset=Windows-1252
Content-Transfer-Encoding: 7bit

and here is the one just before the one above... :mad:

Code:
X-Apparently-To: [email protected] via 216.39.53.237; Tue, 26 Jun 2007 13:22:14 -0700
X-YahooFilteredBulk: 204.15.197.35
X-Originating-IP: [204.15.197.35]
Authentication-Results: mta102.rog.mail.re2.yahoo.com  from=; domainkeys=neutral (no sig)
Received: from 204.15.197.35  (EHLO server1.buckagb.net) (204.15.197.35)
  by mta102.rog.mail.re2.yahoo.com with SMTP; Tue, 26 Jun 2007 13:22:14 -0700
Received: from dy232.opt2.point.ne.jp ([210.235.241.232])
	by server1.buckagb.net with esmtp (Exim 4.67)
	(envelope-from <[email protected]>)
	id 1I3EIe-0008KB-Bh
	for [email protected]; Tue, 26 Jun 2007 12:53:56 -0400
Received: from [210.235.241.232] by f.mx.mail.yahoo.com; Tue, 26 Jun 2007 16:42:39 -0900
Date:	Tue, 26 Jun 2007 16:42:39 -0900
From:	"Juan Parsons" <[email protected]>
[B][COLOR="Red"]X-Mailer: The Bat! (v3.5.30) Educational[/COLOR][/B]
Reply-To: [email protected]
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: [Bulk] Don't be impotent
MIME-Version: 1.0
Content-Type: text/html;
  charset=Windows-1252
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY>

<style>
Die Folge: Eine Prozess-Lotteriein weiten Teilen Deutschlands Überschwemmungen und Brände verursacht. In der Nacht waren laut Was machbar ist, legt zum Beispiel das Landgericht Hamburg sehr großzügig aus. Bestes Beispiel ist das sogenannte Heise-Urteil. Dabei ging es um einen Kommentar im Forum des IT-Verlags. Heise-Justiziar Heidrich: "So sagt etwa das Landgericht Hamburg, es sei dem Heise Verlag zumutbar, ein Forum mit 200.000 Einträgen im Monat zu überwachen."    * Verlieben Sie sich jetzt und für immer! Zeit für den Partner fürs Leben!von rund 120 Stundenkilometern gemessen. Auf der Autobahn 81 von Würzburg in Richtung Weinsberger Kreuz WISSENSCHAFT    *      Mitmach-Netz: Flickr filtert den Protest (19.06.2007)    *durch die Luft. Dabei bohrte sich eine vier Meter lange Metallstange in ein Rettungsfahrzeug und töteteKULTURLandung abgesagt: "Atlantis"fliegt bald auf ReserveANZEIGE
</style>
<div><style>
COM!X      FLIXSPIEGEL- DOSSIERS      Viren: Alle Nachrichten zum Thema	Gehaltscheck 		KostenlosesRechner    *      Zwiebelfisch 3: Der kleine E- Mail- KniggePanopti.com - Die schöne neue Welt der Überwachung: So anschaulich wie nur selten macht die Flash- Präsentation des Designers Johannes Widmer klar, dass das Thema Datenschutz uns alle angeht. Beispielhafte Flash- Animationen Teil 1, hosted by SPIEGEL ONLINE	500 HeadhunterCHRISTIAN STÖCKER: "SECOND LIFE"    *    *SILBERSCHEIBEN      Dritte- Welt- PC: 100- Dollar- Laptop läuft mit Jojo- Antrieb    *    *Versicherung    *
</style>
<a href="http://thois.branchcrease.hk/?082406158499">http://oqkof.sincecircle.hk/?629733423917</a>
</div>
<style>
Vergleich 	SPIEGEL ONLINE 	Rezensionen 		Währungs-      DVD- Filmbeileger: Schmusekätzchen im Farbenrausch      DVD- Filmbeileger: Verführerische Cowboys    *      Dritte- Welt- PC: 100- Dollar- Laptop läuft mit Jojo- Antrieb
</style>


</BODY></HTML>

Will definitely be doing some learning in short order.. :)
 
Back
Top