Looks like someone is running a really old version of SpamAssassin as well. I got the email and it showed a version 2.55 in the headers. If I remember rightly this has at least one nasty vulnerability in it.

-- 
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: Don Drake [mailto:[EMAIL PROTECTED]
> Sent: 26 November 2005 22:17
> To: [EMAIL PROTECTED]; [email protected]
> Subject: {Spam?} [gb-users] gb-users list being marked as spam
>
> Did GTA recently change ISP's? I just noticed most GB-USERS email is being
> flagged as spam by my server and it's due to the SPF configuration of gta.com.
>
> Here's a recent header:
>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on katie.drakeconsult.com
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.7 required=5.0 tests=BAYES_50,RATWARE_MS_HASH,
>     SPF_HELO_SOFTFAIL,SPF_SOFTFAIL autolearn=no version=3.1.0
> X-Spam-Report:
>     * 1.4 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
>     * [SPF failed: Please see http://spf.pobox.com/why.html?sender=gb-users-return-2304-don%3Ddrakeconsult.com%40gta.com&ip=24.227.126.130&receiver=katie.drakeconsult.com]
>     * 2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
>     * [SPF failed: Please see http://spf.pobox.com/why.html?sender=gta.com&ip=24.227.126.130&receiver=katie.drakeconsult.com]
>     * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
>     * [score: 0.5001]
>     * 1.9 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found
> Received: from gta.com (24.227.126.130:3650)
>     by incoming.maillaunder.com with [XMail 1.20 ESMTP Server]
>     id <S371FB3> for <[EMAIL PROTECTED]> from <[EMAIL PROTECTED]>;
>     Thu, 24 Nov 2005 08:06:05 -0600
> Received: (qmail 79088 invoked by alias); 24 Nov 2005 14:06:01 -0000
> Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
> Precedence: bulk
> List-Post: <mailto:[email protected]>
> List-Help: <mailto:[EMAIL PROTECTED]>
> List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
> List-Subscribe: <mailto:[EMAIL PROTECTED]>
> Delivered-To: mailing list [email protected]
> Delivered-To: [email protected]
> Received: (qmail 79071 invoked by uid 0); 24 Nov 2005 14:06:01 -0000
> X-GB-Rule: 7
> X-GB-Received: from mail.solid-state-logic.com (193.117.244.250) by
>     mailgate2.gta.com (199.120.225.5); 3.7.2 pre-release a; 24 Nov 2005
>     09:06:00 -0500
> X-GB-From: [EMAIL PROTECTED]
> X-GB-To: [email protected]
> X-GB-AS-summary: 2,-4,0,253d7adf9903369c,367b350d6234bb7e,[EMAIL PROTECTED]-state-logic.co
>     m,[email protected],RULES_HIT:10:69:355:379:539:541:542:599:600:601:94
>     5:946:967:973:980:988:989:1155:1156:1160:1260:1261:1277:1311:1313:131
>     4:1345:1359:1437:1515:1516:1518:1534:1543:1593:1594:1605:1711:1730:17
>     47:1766:1785:2075:2078:2393:2525:2553:2559:2564:2682:2685:2741:2857:2
>     859:2900:2901:2933:2937:2939:2942:2945:2947:2951:2954:3022:3027:3934,
>     0,RBL:none,CacheIP:none,Bayesian:0.5,1.49764e-05,0.5,Netcheck:none,Do
>     mainCache:0,MSF:not bulk
> X-GB-AS: unknown, (score 2, 0 seconds)
> X-GB-AV: none found (0 seconds)
> From: "Martin Hepworth" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, <[email protected]>
> Date: Thu, 24 Nov 2005 14:05:41 -0000
> Message-Id: <[EMAIL PROTECTED]>
> Mime-Version: 1.0
> Content-Type: text/plain; charset="US-ASCII"
> Content-Transfer-Encoding: 7bit
> X-Mailer: Microsoft Office Outlook 11
> In-Reply-To: <[EMAIL PROTECTED]>
> Thread-Index: AcXvoTZmTfBq/X+SQXi3hgsOpQKC3gBXspEw
> X-Solid-State-Logic-MailScanner-Information: Please contact Solid State
>     Logic for more information
> X-Solid-State-Logic-MailScanner: Found to be clean
> X-Solid-State-Logic-MailScanner-From: [EMAIL PROTECTED]
> Subject: RE: [gb-users] Two Public Networks - One Provider
>
> Here's your current SPF record:
>
> [EMAIL PROTECTED] drake]$ dig gta.com txt
>
> ; <<>> DiG 9.2.3 <<>> gta.com txt
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64725
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;gta.com. IN TXT
>
> ;; ANSWER SECTION:
> gta.com. 300 IN TXT "v=spf1 ip4:199.120.225.20 ip4:199.120.225.4 ~all"
>
> ;; AUTHORITY SECTION:
> gta.com. 300 IN NS ns2.gta.com.
> gta.com. 300 IN NS ns2.everydns.net.
> gta.com. 300 IN NS ns3.everydns.net.
> gta.com. 300 IN NS ns4.everydns.net.
> gta.com. 300 IN NS ns1.gta.com.
> gta.com. 300 IN NS ns1.everydns.net.
>
> ;; ADDITIONAL SECTION:
> ns1.everydns.net. 172394 IN A 64.158.219.3
> ns2.everydns.net. 172394 IN A 216.218.240.206
> ns3.everydns.net. 172394 IN A 80.84.249.169
> ns4.everydns.net. 172394 IN A 63.219.183.200
>
> ;; Query time: 108 msec
> ;; SERVER: 10.0.0.10#53(10.0.0.10)
> ;; WHEN: Sat Nov 26 16:13:46 2005
> ;; MSG SIZE rcvd: 270
>
> From the mail headers, we receive the email from 24.227.126.130, which is
> not part of your SPF record.
>
> Please fix this ASAP.
>
> -Don
>
> Donald Drake
> President
> Drake Consulting
> http://www.drakeconsult.com/
> 312-560-1574
>
> ------------------------------------------------------
> To unsubscribe: [EMAIL PROTECTED]
> For additional commands: [EMAIL PROTECTED]
> Archive: http://archives.gnatbox.com/gb-users/

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************

------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/
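
Added example (not part of either message above): an offline evaluation of the gta.com SPF record from the dig output against the connecting address in the Received header, showing why the receiver scored SPF_SOFTFAIL. The function name check_spf and the "-all" variant at the end are assumptions made for illustration; only ip4, ip6 and all are handled, since other mechanisms need DNS.

```python
import ipaddress

# SPF qualifier -> evaluation result (RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Record and connecting address as they appear in the quoted message.
GTA_RECORD = "v=spf1 ip4:199.120.225.20 ip4:199.120.225.4 ~all"
CONNECTING_IP = "24.227.126.130"


def check_spf(record: str, sender_ip: str) -> str:
    """Evaluate ip4/ip6/all terms left to right; the first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include, redirect= etc. need DNS; out of scope offline.
        raise NotImplementedError(f"term needs DNS lookups: {term}")
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    # The list relay is not listed, so it falls through to "~all".
    print(CONNECTING_IP, check_spf(GTA_RECORD, CONNECTING_IP))
    # The two listed hosts match an ip4 term before "~all" is reached.
    for listed in ("199.120.225.20", "199.120.225.4"):
        print(listed, check_spf(GTA_RECORD, listed))
    # Constructed variant: with "-all" the same relay would hard-fail.
    strict = GTA_RECORD.replace("~all", "-all")
    print(CONNECTING_IP, check_spf(strict, CONNECTING_IP), "(with -all)")
```

A softfail from "~all" only adds score, as in the X-Spam-Report above; a record ending in "-all" would turn the same mismatch into a fail that many receivers reject outright.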
