Title: Message
Hi Todd:
 
It's this line that the other test is checking:
 
    Received: from 65.16.167.134 ([211.249.122.134])
It discovers that the other side was using YOUR server's IP address in its own HELO string.
 
I'm pretty certain that the "HELOVALID" test in Declude will catch that, but it will also be triggered for other conditions that are just signs of clueless mail admins.
 
You could also use a filter to look for your IP range in the string:
 
    HELO  4    STARTSWITH [
    HELO  8    STARTSWITH 65.16.167.
 
Best Regards
Andy Schmidt

H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:    +1 201 934-9206

http://www.HM-Software.com/
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd
Sent: Thursday, July 01, 2004 10:41 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Fake IP Test

We are seeing more spam getting through triggering very few tests. We have a secondary spam system and it has a test called RCVD_FAKE_IP that is rated at 80% of its hold weight. Does Declude have something similar to this that I am not familiar with?
 
Here is the header from an email that triggered the test.  The EF filters are for the secondary spam system.
 
 
Received: from mail2.smart-mail.net [65.16.167.134] by net.smart-mail.net
  (SMTPD32-7.15) id AB4B3C000A0; Thu, 01 Jul 2004 04:37:15 -0500
Received: from 65.16.167.134 ([211.249.122.134])
 by mail2.smart-mail.net (SAVSMTP 3.1.0.29) with SMTP id M2004070104363531669
 ; Thu, 01 Jul 2004 04:36:42 -0500
X-Message-Info: VFOJY671eYayk6o4EOG324+hwoDFC357LFZwfs
Received: from mail698.iemz.inbox.lv ([79.132.96.232]) by y799-hab790.inbox.lv with Microsoft SMTPSVC(5.0.2195.6824);
  Thu, 01 Jul 2004 10:39:58 -0100
Received: from DMYES3 (kge27.58.206.86.e874.v.inbox.lv [236.3.143.229])
 by mail92.xb.inbox.lv (3.4.44nqc14/9.238.82) with SMTP id vxe531B4OJPasl17007;
 Thu, 01 Jul 2004 04:33:58 -0700
Message-ID: <[EMAIL PROTECTED]>
From: "Gus Hebert" <[EMAIL PROTECTED]>
To: user
References: <[EMAIL PROTECTED]>
Subject: *--Possible_SPAM--* hellenic
Date: Thu, 01 Jul 2004 13:34:58 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--46420503988211891644"
X-Spam-Status: Possible SPAM, hits=7.200000 required=5.000000
        tests=RCVD_FAKE_IP_224:4.200000
        tests=BAYES_90:3.000000
       
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [2000010f].
X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 10.
X-RBL-Warning: EFFILTER: Message failed EFFILTER test (line 1, weight 0)
X-RBL-Warning: EFFILTER5-9: Message failed EFFILTER5-9 test (line 2, weight 15)
X-RBL-Warning: EFPOSSIBLESPAM: Message failed EFPOSSIBLESPAM test (line 2, weight 0)
X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 410, weight 60) (weight capped at 60)
X-RBL-Warning: WEIGHT75: Weight of 95 reaches or exceeds the limit of 75.
X-Declude-Sender: [EMAIL PROTECTED] [211.249.122.134]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: IPNOTINMX, ROUTING, SPAMCHK, EFFILTER, EFFILTER5-9, EFPOSSIBLESPAM, GIBBERISH, WEIGHT75, CATCHALLMAILS [95]
X-Note: Total spam weight of this E-mail is 95 .
X-Note: This E-mail was sent from  ([211.249.122.134]).
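
The check discussed in this thread, as an added example that is not part of either message and is not Declude's or the secondary system's own code: it parses a `Received:` line of the form shown above and flags a HELO that is an IP literal inside the local range while the connecting peer is outside it. The `65.16.167.0/24` range is an assumption taken from the `STARTSWITH 65.16.167.` filter line, and the function names and result labels are hypothetical.

```python
import ipaddress
import re

# Assumption: the local range is the /24 implied by "HELO 8 STARTSWITH 65.16.167."
LOCAL_NET = ipaddress.ip_network("65.16.167.0/24")

# Matches the header form on this page: "Received: from <helo> ([<peer ip>])"
RECEIVED_RE = re.compile(r"^Received:\s+from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]\)", re.I)


def helo_as_ip(helo):
    """Return the address if HELO is a bare or bracketed IP literal, else None."""
    try:
        return ipaddress.ip_address(helo.strip("[]"))
    except ValueError:
        return None


def check_helo(line, local_net=LOCAL_NET):
    """Classify one Received: line by what the sender claimed in HELO."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return "unparsed"          # different Received: layout, no verdict
    helo, peer_text = m.groups()
    try:
        peer = ipaddress.ip_address(peer_text)
    except ValueError:
        return "unparsed"
    claimed = helo_as_ip(helo)
    if claimed is None:
        return "hostname"          # HELO is a name, not an IP literal
    if claimed in local_net and peer not in local_net:
        return "fake-local-ip"     # outsider announcing itself with our address
    if claimed != peer:
        return "ip-mismatch"       # IP literal that is not the peer's own
    return "ip-literal"            # IP literal matching the peer


if __name__ == "__main__":
    # First two lines are from the header quoted above; the last is constructed.
    samples = [
        "Received: from 65.16.167.134 ([211.249.122.134])",
        "Received: from mail698.iemz.inbox.lv ([79.132.96.232]) by y799-hab790.inbox.lv",
        "Received: from [65.16.167.10] ([65.16.167.10])",
    ]
    for s in samples:
        print(check_helo(s), "<-", s)
```

Unlike a HELO-only prefix match, comparing against the peer address keeps hosts that really are inside the local range from being flagged.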
