i got that same problem along time ago my remote user always expand spam throug my domain, even when the isp ip comes from a bad reputation for live.
start cleaning that ip so that you dont risk your mail server ---- On Fri, Feb 26, 2010 at 1:04 AM, Voytek Eymont <li...@sbt.net.au> wrote: > I have a user site geographically remote to my mail server, I've told them > to use SMTP AUTH to be able to use the SMTP server, but, looking at the > mail header of email I see this[1]; > > doing mxtoolbox lookup I see the IP addresses are listed in several > blacklists[2]; > > one of the addresses is blacklisted for[3]: > > so, the remote site has a problem with potentially malware or spambots; > > I've told them to 'fix it' BUT, in the meanwhile, is there a way to exempt > these user's mails from these sa scores ? > > as now I have a problem with their interoffice emails ending up as spam on > the server spam mailbox > > it's a virtual email hosting, so I'm trying to reduce only this domain's > sa scoring, temprarily, till they fix their problem > > I've entered their domian.tld in spamlovers, though, doesn't seem to help > > > > [1] > X-Spam-Status: No, score=4.768 tagged_above=0.5 required=5.2 > tests=[AWL=-0.099, BAYES_00=-1.9, RCVD_IN_BRBL_LASTEXT=1.449, > RCVD_IN_PBL=3.335, RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982, > TO_NO_BRKTS_DYNIP=1] autolearn=no > > X-Spam-Status: No, score=4.741 tagged_above=0.5 required=5.2 > tests=[BAYES_00=-1.9, RCVD_IN_BL_SPAMCOP_NET=1.347, > RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_PSBL=2.7, RCVD_IN_SORBS_WEB=0.77, > RCVD_IN_XBL=0.375] autolearn=no > > X-Spam-Status: Yes, score=6.783 tag=0.5 tag2=5.2 kill=5.9 > tests=[AWL=-1.776, > BAYES_00=-1.9, FSL_HELO_NON_FQDN_1=0.001, HELO_NO_DOMAIN=1, > HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347, > RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_PSBL=2.7, RCVD_IN_RP_RNBL=1.31, > RCVD_IN_SORBS_WEB=0.77, RCVD_IN_XBL=0.375, SUBJ_ALL_CAPS=1.506] > autolearn=no > > [2] > http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a61.90.192.106 > http://cbl.abuseat.org/lookup.cgi?ip=61.90.192.106 > > [3] > --- > It was detected at 2010-02-25 10:00 GMT (+/- 30 minutes), approximately 14 > hours ago. > There will usually be a link to self-remove this IP from the CBL at the > end of this page, but read the following text first > ATTENTION: At the time of detection, this IP was infected with, or NATting > for a computer infected with a high volume spam sending trojan - it is > participating or facilitating a botnet sending spam or spreading > virus/spam trojans. > ATTENTION: If you simply repeatedly remove this IP address from the CBL > without correcting the problem, the CBL WILL eventually stop letting you > delist it and you will have to contact us directly. > > This is the rustock spamBOT > --- > > > -- > Voytek > > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ > ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
