[Assp-user] Spam even when from ISP

Matti Haack Mon, 08 Jan 2007 03:06:40 -0800

Hello,

it looks liek something with basian-test mode is broken:


I  got same mail via a stor and forward malserver (postfix/Spamassain)
to  a  valid  user  (they  have a catch all account) on our ASSP/IMAIL
server:

The log file says:

Jan-6-07 22:37:34 xx.10.201.53 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] 
recipient accepted: [EMAIL PROTECTED]
Jan-6-07 22:37:34 xx.10.201.53 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] 
Received-URIBL: pass
Jan-6-07 22:37:34 xx.10.201.53 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] 
Bayesian spam _SPAM_burlap_not_
Jan-6-07 22:37:34 xx.10.201.53 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is 
disconnected

My Problem is:
The   sender   of  this  spam  was  faked.  And  the legitimate holder
([EMAIL PROTECTED])  of  this  faked  adress got a bounce mail via 85.10.201.53
telling:
Final-Recipient: rfc822; [EMAIL PROTECTED]
Original-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.internethit.de
Diagnostic-Code: smtp; 554  5.7.1 Error You are on the Penalty list 
because you
     violated our Anti-Spam policy. Retry in six+ hours or contact
     [EMAIL PROTECTED]

The last sentence is the Penalty-Block message from our ASSP server.
Why could this happen?

a) xx.10.201.53 is in the ISP/relay for section
b) Baysian ist in test mode - but this seems to be ignored

Why  was  the  message  rejected? It should not be blocked by pb (and
xx.10.201.53  is  not on pb - so why did they get the pb message?) and
it should not be blockes while basian testmode is on.

this  issue is connected to only some special emails. Normaly it looks
like:
85.10.201.53 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] recipient accepted: 
[EMAIL PROTECTED]
Jan-4-07 00:29:55 85.10.201.53 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] 
Received-URIBL: pass
Jan-4-07 00:29:56 85.10.201.53 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] 
passing if safe because testmode, otherwise Bayesian spam
Jan-4-07 00:29:56 85.10.201.53 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] spam 
determined to be safe, passing on to recipient 
_SPAM_A_MOIST_PACIFIC_FRONTAL_SYSTEM_MOVING_INTO_F  -> h:\assp/spam/15202.eml
Jan-4-07 00:29:56 

My assp Version is 1.2.7()   [sic]
I will try 1.2.7.1 now

Any idea?

Matti


- 
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de



Besuchen Sie jetzt unseren neuen INTERNET&NETWORK Security Shop mit 
faszinierenden Angeboten rund um Ihre Netzwerk- Sicherheit:
http://www.inn.de 


-- Ausgehende E-Mail wurde auf Viren gescannt  --

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

[Assp-user] Spam even when from ISP

Reply via email to