Excuse me for yacking up a storm, but I do have something totally on topic that I came across recently. The headers below show a message that missed hitting on some DNSBL's. I'm using a bit of a trick here in that both DSBL and XBL are defined twice, once with (DYNA) appended so that a last hop gets scored exclusively, and once with (ALL) where it will scan on any hit up to 4 hops down. My config looks like the following:
DSBL(DYNA) ip4r list.dsbl.org 127.0.0.2 5 0 DSBL(ALL) ip4r list.dsbl.org 127.0.0.2 2 0 XBL(DYNA) ip4r sbl-xbl.spamhaus.org 127.0.0.4 6 0 XBL(ALL) ip4r sbl-xbl.spamhaus.org 127.0.0.4 2 0
The message came from a last hop that should have tripped all 4 of these tests, but for some reason it missed both (DYNA) tests. The only thing that I can come up with is some bug related to the second hop which has a reserved IP forged in the headers (along with my domain forged). This technique of separating (DYNA) and (ALL) otherwise has been working reliably to the best of my knowledge for several months. I did also check to see if the private IP tripped those tests as the results suggest, and it wasn't listed. Could this be related to some internal intelligence for skipping lookups on private IP's throwing off the DYNA skipping?
Thanks,
Matt
Received: from schexnayder1 [68.114.98.141] by igaia.com
(SMTPD32-8.05) id A4C61E50274; Thu, 25 Mar 2004 18:01:26 -0500
Received: from schexnayder1 [192.168.1.101] by igaia.com with SMTP; Thu, 25 Mar 2004 17:01:20 -0600
Message-ID: <[EMAIL PROTECTED]>
From: "Margaret Nolan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: my free webcam
Date: Thu, 25 Mar 2004 17:01:20 -0600
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
X-Priority: 3
X-Mailer: iPHP
Return-Path: [EMAIL PROTECTED]
XMP-Context: <bWF0dEBpZ2FpYS5jb20=>
X-MailPure: ================================================================
X-MailPure: DSBL(ALL): Failed, listed in list.dsbl.org (weight 2).
X-MailPure: XBL(ALL): Failed, listed in sbl-xbl.spamhaus.org (weight 2).
X-MailPure: LEGITCONTENT: Passed, legitimate content detected (weight -2).
X-MailPure: FORGEDFROM: Message failed FORGEDFROM test (weight 2).
X-MailPure: DYNAMIC: Message failed DYNAMIC test (line 103, weight 2) (weight capped at 2).
X-MailPure: IPLINKED: Message failed IPLINKED test (line 134, weight 3) (weight capped at 3).
X-MailPure: ================================================================
X-MailPure: Spam Score: 9
X-MailPure: Scan Time: 18:01:41 on 03/25/2004
X-MailPure: Spool File: D64c601e502742c91.SMD
X-MailPure: Server Name: schexnayder1
X-MailPure: SMTP Sender: [EMAIL PROTECTED]
X-MailPure: Received From: cable-68-114-98-141.sli.la.charter.com [68.114.98.141]
X-MailPure: Country Chain: UNITED STATES->destination
X-MailPure: ================================================================
X-MailPure: Spam and virus blocking services provided by MailPure.com
X-MailPure: ================================================================
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
