Re: whitelist_from questions
On 26/07/2009 04:00, McDonald, Dan wrote:
From: Robert [mailto:list...@abbacomm.net]
There are no doubt lots of ways, but how about:
egrep 'whitelist_from[^_]' local.cf | awk -F@ '{print $2, "TXT"}' | xargs dig | grep v=spf1
what is this supposed to do?
select all of your whitelist_from entries, parse out the domain part, dig the TXT record for each domain, then display only the ones that have a v=spf1 notation. That would give you a list of all of the domains in your whitelist_from that could be migrated to whitelist_from_spf
... provided, as Matus pointed out, all your whitelist_from entries are nicely formatted one address per line, and provided you don't have any domain wildcards. If those two conditions aren't met then you'll have to do some extra mangling to extract the domains properly. It also only looks for TXT RRs, so if any of the target domains are using only SPF RRs it won't find them.
John.
-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
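The same audit as an added example (not code from anyone in this thread), covering the cases John lists: several addresses on one whitelist_from line, wildcard domains, and domains that publish only an SPF-type record. The DNS lookup is passed in as a function; the sample local.cf and the DNS answers are constructed for illustration.

```python
import re
import subprocess
import sys

# Constructed sample of a SpamAssassin local.cf; no entry comes from the thread.
SAMPLE_CF = """\
# local whitelist
whitelist_from alice@example.com bob@example.org
whitelist_from *@newsletter.example.net
whitelist_from *@*.example.co.uk
whitelist_from_rcvd carol@example.edu example.edu
whitelist_from_spf dave@example.com
  whitelist_from  erin@Example.ORG   # trailing comment
whitelist_from *
"""

# Constructed DNS answers keyed by (name, rrtype), in `dig +short` form.
SAMPLE_DNS = {
    ("example.com", "TXT"): ['"v=spf1 mx -all"'],
    ("example.org", "TXT"): ['"google-site-verification=abc"', '"v=spf10 bogus"'],
    ("newsletter.example.net", "SPF"): ['"v=spf1 ip4:192.0.2.0/24 ~all"'],
}

HOSTNAME = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")


def whitelist_from_domains(conf_text):
    """Return (sorted concrete domains, patterns that need manual review)."""
    concrete, manual = set(), []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Exact keyword match skips whitelist_from_rcvd, whitelist_from_spf, ...
        if not fields or fields[0] != "whitelist_from":
            continue
        for pattern in fields[1:]:            # several addresses per line
            domain = pattern.rpartition("@")[2].lower()
            if HOSTNAME.match(domain):
                concrete.add(domain)          # "*@example.net" names one domain
            else:
                manual.append(pattern)        # glob in the domain part, or none
    return sorted(concrete), manual


def has_spf(records):
    """True if a record is an SPF policy: 'v=spf1' followed by a space or the end."""
    for rec in records:
        text = rec.strip().strip('"').lower()
        if text == "v=spf1" or text.startswith("v=spf1 "):
            return True
    return False


def spf_candidates(conf_text, lookup):
    """Domains whose whitelist_from entries could move to whitelist_from_spf."""
    concrete, manual = whitelist_from_domains(conf_text)
    migratable = [d for d in concrete
                  if has_spf(lookup(d, "TXT") + lookup(d, "SPF"))]
    return migratable, manual


def sample_lookup(name, rrtype):
    """Offline resolver over the constructed table above."""
    return SAMPLE_DNS.get((name, rrtype), [])


def dig_lookup(name, rrtype):
    """Live resolver; assumes the dig utility is installed."""
    result = subprocess.run(["dig", "+short", name, rrtype],
                            capture_output=True, text=True, timeout=15)
    return result.stdout.splitlines()


if __name__ == "__main__":
    if len(sys.argv) > 1:                     # path to a real local.cf
        with open(sys.argv[1]) as handle:
            found, review = spf_candidates(handle.read(), dig_lookup)
    else:
        found, review = spf_candidates(SAMPLE_CF, sample_lookup)
    print("publishes SPF:", ", ".join(found))
    print("review by hand:", ", ".join(review))
```

Publishing an SPF record is only the precondition: whitelist_from_spf applies when the message actually passes SPF for that sender.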
Re: Rules
On 27/07/09 6:35 AM, twofers twof...@yahoo.com wrote:
Performing Cunnilringus -- An Art of Pleasure.www.onlyviagra net
I thought a sex rule would have fired as well as something for pleasure.www.onlyviagra net
This is pretty basic and straight forward isn't it?
This is a tough row to hoe, and I've not gone down this road in a while but cunillingus is misspelt, potentially leading to the lack of reaction. By your rules.
-- Neil Schwartzman Director, Accreditation Security Standards Certified | Safelist Return Path Inc. 0142002038 The opinions contained herein are my personal stance and may not reflect the viewpoint of Return Path Inc.
Re: Avoid processing of email with specific headers
Hi Mouss, thanks for your answer. In my installation, I've got a firewall with antispam features. The target I want to achieve is to bypass SA check when a message has been already tagged as spam by the firewall. I'll try posting the question on the postfix-users list. Bye, -Pietro.
2009/7/25 mouss mo...@ml.netoyen.net
Pietro wrote:
In my installation, SA is called by Postfix. Any idea? Thanks in advance.
This is really a postfix question. Follow up on the postfix-users list if needed. you can skip filtering using header_checks. for example
/^X-Spam-Status: Yes/ FILTER smtp:[127.0.0.1]:10025
assuming you have an smtpd listening on port 10025 (with filtering disabled). but make sure not to give spammers a free ride: don't skip filtering just because you see X-Spam-Status: No
While I am in, using amavisd-new is preferred over running SA directly from postfix.
DNSWL-Check does not work....
Hi, I found that my SA 3.2.5 does NOT perform the checks against DNSWL. The debug contains:
[8845] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC
[8845] dbg: dns: is DNS available? 1
[8845] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
All other RBL-checks are done fine, but no DNSWL. Any ideas? Kind Regards Christian
Re: DNSWL-Check does not work....
On Mon, 27 Jul 2009 14:03:13 +0200 Christian Kuehn christian.ku...@mcs.de wrote: [8845] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted All other RBL-checks are done fine, but no DNSWL. Are you sure your trusted network is correct?
Re: DNSWL-Check does not work....
RW wrote:
On Mon, 27 Jul 2009 14:03:13 +0200 Christian Kuehn christian.ku...@mcs.de wrote:
[8845] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
All other RBL-checks are done fine, but no DNSWL.
Are you sure your trusted network is correct?
Yes, correct settings!
-- Christian Kühn (Technical Consultant) == MCS MOORBEK COMPUTER SYSTEME GmbH Essener Bogen 17 - 22419 Hamburg - Germany Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200 E-Mail: christian.ku...@mcs.de Web: http://www.mcs.de Registered in the Hamburg Commercial Register B62933 Managing Directors: Kai Brandes Eckard Kabel GPG 8B52 41A1 4B8F 4DE7 9064 2073 6168 137A 3DDA 0F36 ==
Re: Catch-22 unsubscribing from this list.
On Sat, 25 Jul 2009 18:07:12 -0400 Michael W. Cocke cocke.mich...@gmail.com wrote:
There doesn't seem to be a web interface to subscribe/unsubscribe from this list. The email address users-unsubscr...@spamassassin.apache.org complains that my IP address is dynamic (which is why I use dyndns.org, thank you very much.)
On 07/26/09 20:01, quoth RW:
Presumably it's complaining that you are sending direct to mx from a dynamic IP address. If you run a mail server on a dynamic address, you should send your outgoing mail through a smarthost.
On 26.07.09 22:43, Steven W. Orr wrote:
I'd be curious to hear more on this. I have a server running at home. My ISP gives me a so-called static address that I pay extra for. It's really just an IP address from their pool of dynamic addresses so it registers as really coming from a dynamic address. Somehow I got lucky and got a reverse dns record so if you look my ip up you'll see me and not my ISP. The rest is done through zoneedit.com which does a fabulous job.
by a static address I assume that the address will be always assigned to you, and only to you. If your ISP takes money for something else, I'd like to see exactly what that is, however it seems that your ISP forgot to exclude static address list off the dynamic block. We have a few pools of dynamic addresses, marked as dynamic in DNS, WHOIS records, and in PBL/SORBS/MAPS dynamic lists. If customer asks/pays for static address, he'll get address from other ranges, statically assigned to him, and we even can change DNS to his wish if he fulfills basic requirement of the requested name pointing to the IP. DNS names there are usually generic, but static as indicated in DNS and WHOIS (and, of course, not listed in PBL/SORBS/MAPS dynamic address lists).
-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Warning: I do NOT wish to receive any advertising mail at this address.
The early bird may get the worm, but the second mouse gets the cheese.
Re: your mail
On Sat, 25 Jul 2009, Michael W. Cocke wrote:
There doesn't seem to be a web interface to subscribe/unsubscribe from this list. The email address users-unsubscr...@spamassassin.apache.org complains that my IP address is dynamic (which is why I use dyndns.org, thank you very much.) And on that subject, am I the only person who thinks that blocking by IP address block is inefficient, brute force, and prone to both false positives and false negatives?
On 26.07.09 22:09, r...@ausics.net wrote:
If you are sending out from your dynamic home connection, you are going to have bigger problems, most of the big ISP's and many many many others block at MTA level for your type of connections, either get a static IP *and* a real PTR entry, or use your ISP as smarthost. Nothing wrong with the way this list is setup apart from it uses qmail, but we won't go into that :)
by ISP we of course mean the company you receive mail through, not the company you are connecting through, unless you are using address hosted in the same company. For example, if you use gmail.com address, you should use gmail's SMTP servers.
-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Warning: I do NOT wish to receive any advertising mail at this address. I drive way too fast to worry about cholesterol.
Re: DNSWL-Check does not work....
Matus UHLAR - fantomas wrote:
On 27.07.09 14:03, Christian Kuehn wrote:
I found that my SA 3.2.5 does NOT perform the checks against DNSWL. The debug contains:
[8845] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC
[8845] dbg: dns: is DNS available? 1
[8845] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
All other RBL-checks are done fine, but no DNSWL.
did you try manually query dnswl servers? It's possible that they blocked lookups from you for some reason...
Nope, the requests via dig work fine and successful.
;; QUESTION SECTION:
;231.168.211.66.list.dnswl.org. IN A
;; ANSWER SECTION:
231.168.211.66.list.dnswl.org. 30068 IN A 127.0.2.2
-- Christian Kühn (Technical Consultant) == MCS MOORBEK COMPUTER SYSTEME GmbH Essener Bogen 17 - 22419 Hamburg - Germany Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200 E-Mail: christian.ku...@mcs.de Web: http://www.mcs.de Registered in the Hamburg Commercial Register B62933 Managing Directors: Kai Brandes Eckard Kabel GPG 8B52 41A1 4B8F 4DE7 9064 2073 6168 137A 3DDA 0F36 ==
Re: Rules
On Mon, 27 Jul 2009, twofers wrote:
Can someone explain to me why one of the rule sets downloaded using SA-Update could not fire on:
Subject: cenogenetic
and the body having only and nothing else but:
Performing Cunnilringus -- An Art of Pleasure.www.onlyviagra net
I thought a sex rule would have fired as well as something for pleasure.www.onlyviagra net
This is pretty basic and straight forward isn't it?
It's basic modulo an infinite variety of misspellings. The more open you are to misspellings, the more likely you'll have FPs. The URI obfu rules are not yet in the base rule set, you have to add one of the variants to your local ruleset manually - and, if you're using mine from the SA sandbox, you have to get the patched ReplaceTags plugin as my URI obfu rule tickles a bug in Replacetags.
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_uri_obfu_ws.cf?view=log
http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/ReplaceTags.pm?view=log
-- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- False is the idea of utility that sacrifices a thousand real advantages for one imaginary or trifling inconvenience; that would take fire from men because it burns, and water because one may drown in it; that has no remedy for evils except destruction. The laws that forbid the carrying of arms are laws of such a nature. They disarm only those who are neither inclined nor determined to commit crime. -- Cesare Beccaria, quoted by Thomas Jefferson --- 9 days until the 274th anniversary of John Peter Zenger's acquittal
Re: Low Scoring Lotto Spam
rich...@buzzhost.co.uk wrote:
http://pastebin.com/m2cbc0965 This is scoring way low. Coming in from Hotmail (I would love to blacklist these but some people just insist on using it). 10 in the last hour. Lart'd Hotmail abuse, but the content does not seem to be catching ?
I get hits against JM_SOUGHT_FRAUD_3 and a couple DNSBLs I've configured catch the originating IP address. Nothing on the standard SA rulesets though.
X-Spam-Status: Yes, score=8.0 required=5.0 tests=BAYES_50,HTML_MESSAGE,
 JM_SOUGHT_FRAUD_3,RCVD_IN_UCEPROTECT2,RCVD_IN_UCEPROTECT3,
 RCVD_IN_UCE_COMBINED autolearn=disabled version=3.2.5
X-Spam-Report:
 * 3.0 RCVD_IN_UCEPROTECT2 RBL: Received via a relay in
 *      dnsbl-2.uceprotect.net
 *      [81.202.69.68 listed in dnsbl-2.uceprotect.net]
 * 2.0 RCVD_IN_UCEPROTECT3 RBL: Received via a relay in
 *      dnsbl-3.uceprotect.net
 *      [81.202.69.68 listed in dnsbl-3.uceprotect.net]
 * 0.0 HTML_MESSAGE BODY: HTML included in message
 * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
 *      [score: 0.5001]
 * 0.0 RCVD_IN_UCE_COMBINED Received via a relay in UCEProtect
 * 3.0 JM_SOUGHT_FRAUD_3 Body contains frequently-spammed text patterns
Re: Low Scoring Lotto Spam
http://pastebin.com/m2cbc0965 This is scoring way low. Coming in from Hotmail (I would love to blacklist these but some people just insist on using it). 10 in the last hour. Lart'd Hotmail abuse, but the content does not seem to be catching ?
Content analysis details: (6.2 points, 5.0 required)
 pts rule name              description
---- ---------------------- ----------------------------------------
 1.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60% [score: 0.4920]
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 3.0 JM_SOUGHT_FRAUD_3      Body contains frequently-spammed text patterns
Re: Low Scoring Lotto Spam
On Mon, 2009-07-27 at 14:51 +0100, rich...@buzzhost.co.uk wrote:
http://pastebin.com/m2cbc0965 This is scoring way low. Coming in from Hotmail (I would love to blacklist these but some people just insist on using it).
Scores a healthy 13 here. Mostly using custom rules.
X-Spam-Report:
 * 1.8 MILLION_EURO BODY: Talks about millions of Euros
 * 0.0 RELAY_US Relayed through United States
 * 0.5 FREEMAIL_FROM From-address is freemail domain
 *      (laszlomezesesp68[at]msn.com)
 * 2.0 FREEMAIL_REPLYTO Different freemail address found in Reply-To or
 *      Body than From (laszlomezesesp68[at]msn.com,
 *      urbanizacion70[at]aol.com)
 * 0.0 HTML_MESSAGE BODY: HTML included in message
 * 3.0 JM_SOUGHT_FRAUD_3 Body contains frequently-spammed text patterns
 * 0.5 FREEMAIL_REPLYFREE Sent from non-freemail address, replies go to
 *      freemail address
 * 3.0 AE_DETAILS_WITH_MONEY Has form and mentions much money
 * 2.5 AE_DETAILS_WITH_EMAIL Has form and gives handy email to send it back
 *      to
Freemail.pm and the JM_SOUGHT rules should be easy enough for you to find. I also used these local rules (some shamelessly copied off this forum):
body MILLION_EURO /\b(million|hundred.{0,40}\bthousand)\b.{0,40}\b(euro|pound)s?\b/i
describe MILLION_EURO Talks about millions of Euros
score MILLION_EURO 2.391 1.777 1.501 1.528
body __TRMB_YOUR_NAME /(^|\W)(your(\s+|\s+\w+\s+)names?|last.name:|full.names?|surname|Prenom|fullname|names? in full|with your.? Serial No|Confirmation Email Serial|Names?(\s+:|:)|Receiver name)(_|\W)/i
body __TRMB_YOUR_ADDRESS /(^|\W)((your|home|residential)(\s+|\s+\w+\s+)add(re|ere)ss|Adresse|Location|Country:|(contact|full) address|Marital Status:|Occupation:|your current telephone|(tel|phone):(|\s+)([^0-9\+])|Tel:|Phone:___|Telephone (number|\#:)(|\s+)([^0-9\+]))(\W|_)/i
body __TRMB_YOUR_AGE /(^|\W)(Your age|age:|age.)(\W|_)/i
body __TRMB_YOUR_OCCUPATION /(^|\W)((Your |)occupation|Profession)(\W|_)/i
body __TRMB_YOUR_BLOBBY_DETAILS /(^|\W)(FULL NAMES?.*ADDRESS.*PHONE NUM|PHONE AND FAX NUMBER|your telephone.fax|your full Contact Details|send us your fullnames? and address|your mobile numbers?|Please reply if you are willing to help me save|send the following informations?|Provide your email address.? Phone Number)/i
body __TRMB_OTHER_DETAILS /\W(with your Full Contact informations?|contact the application desk)\W/i
meta __TRMB_YOUR_DETAILS ((__TRMB_YOUR_NAME || __TRMB_OTHER_DETAILS) && (__TRMB_YOUR_ADDRESS || __TRMB_YOUR_AGE || __TRMB_YOUR_OCCUPATION) || __TRMB_YOUR_BLOBBY_DETAILS )
meta AE_DETAILS_WITH_MONEY __TRMB_YOUR_DETAILS && (MILLION_EURO || MILLION_USD || US_DOLLARS_3 || NA_DOLLARS || FRT_DOLLAR || AE_GBP || __FRAUD_DBI)
describe AE_DETAILS_WITH_MONEY Has form and mentions much money
meta AE_DETAILS_WITH_EMAIL __TRMB_YOUR_DETAILS && __HAS_ANY_EMAIL
describe AE_DETAILS_WITH_EMAIL Has form and gives handy email to send it back to
score AE_DETAILS_WITH_MONEY 3.0
score AE_DETAILS_WITH_EMAIL 2.5
-- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
Re: Low Scoring Lotto Spam
Jari Fredriksson wrote:
Content analysis details: (6.2 points, 5.0 required)
 pts rule name              description
---- ---------------------- ----------------------------------------
 1.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60% [score: 0.4920]
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 3.0 JM_SOUGHT_FRAUD_3      Body contains frequently-spammed text patterns
I get roughly the same...
Content analysis details: (0.4 points, 7.0 required)
 pts rule name              description
---- ---------------------- ----------------------------------------
 0.0 HTML_MESSAGE           BODY: HTML included in message
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1% [score: 0.]
 3.0 JM_SOUGHT_FRAUD_3      Body contains frequently-spammed text patterns
-- Dan Schaefer Web Developer/Systems Analyst Performance Administration Corp.
Re: Low Scoring Lotto Spam
On Mon, 2009-07-27 at 14:51 +0100, rich...@buzzhost.co.uk wrote:
I also used these local rules (some shamelessly copied off this forum):
body MILLION_EURO /\b(million|hundred.{0,40}\bthousand)\b.{0,40}\b(euro|pound)s?\b/i
describe MILLION_EURO Talks about millions of Euros
score MILLION_EURO 2.391 1.777 1.501 1.528
body __TRMB_YOUR_NAME /(^|\W)(your(\s+|\s+\w+\s+)names?|last.name:|full.names?|surname|Prenom|fullname|names? in full|with your.? Serial No|Confirmation Email Serial|Names?(\s+:|:)|Receiver name)(_|\W)/i
body __TRMB_YOUR_ADDRESS /(^|\W)((your|home|residential)(\s+|\s+\w+\s+)add(re|ere)ss|Adresse|Location|Country:|(contact|full) address|Marital Status:|Occupation:|your current telephone|(tel|phone):(|\s+)([^0-9\+])|Tel:|Phone:___|Telephone (number|\#:)(|\s+)([^0-9\+]))(\W|_)/i
body __TRMB_YOUR_AGE /(^|\W)(Your age|age:|age.)(\W|_)/i
body __TRMB_YOUR_OCCUPATION /(^|\W)((Your |)occupation|Profession)(\W|_)/i
body __TRMB_YOUR_BLOBBY_DETAILS /(^|\W)(FULL NAMES?.*ADDRESS.*PHONE NUM|PHONE AND FAX NUMBER|your telephone.fax|your full Contact Details|send us your fullnames? and address|your mobile numbers?|Please reply if you are willing to help me save|send the following informations?|Provide your email address.? Phone Number)/i
body __TRMB_OTHER_DETAILS /\W(with your Full Contact informations?|contact the application desk)\W/i
meta __TRMB_YOUR_DETAILS ((__TRMB_YOUR_NAME || __TRMB_OTHER_DETAILS) && (__TRMB_YOUR_ADDRESS || __TRMB_YOUR_AGE || __TRMB_YOUR_OCCUPATION) || __TRMB_YOUR_BLOBBY_DETAILS )
meta AE_DETAILS_WITH_MONEY __TRMB_YOUR_DETAILS && (MILLION_EURO || MILLION_USD || US_DOLLARS_3 || NA_DOLLARS || FRT_DOLLAR || AE_GBP || __FRAUD_DBI)
describe AE_DETAILS_WITH_MONEY Has form and mentions much money
meta AE_DETAILS_WITH_EMAIL __TRMB_YOUR_DETAILS && __HAS_ANY_EMAIL
describe AE_DETAILS_WITH_EMAIL Has form and gives handy email to send it back to
score AE_DETAILS_WITH_MONEY 3.0
score AE_DETAILS_WITH_EMAIL 2.5
Thanks there! Much better now, but I wonder what happened to my AWL. It was not there in my last post..
Content analysis details: (9.7 points, 5.0 required)
 pts rule name              description
---- ---------------------- ----------------------------------------
 1.5 MILLION_EURO           BODY: Talks about millions of Euros
 1.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60% [score: 0.4920]
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 3.0 JM_SOUGHT_FRAUD_3      Body contains frequently-spammed text patterns
 3.0 AE_DETAILS_WITH_MONEY  Has form and mentions much money
 2.5 AE_DETAILS_WITH_EMAIL  Has form and gives handy email to send it back to
-3.5 AWL                    AWL: From: address is in the auto white-list
Re: Low Scoring Lotto Spam
On Mon, 2009-07-27 at 17:31 +0300, Jari Fredriksson wrote:
Thanks there! Much better now, but I wonder what happened to my AWL. It was not there in my last post..
Yes, which is exactly what AWL is. You just piped the message through SA a second time. Previously, it was the first time you saw a mail from that address and net-block pair. Now you did a second time, so there's some history for AWL... Notice how the previous score 6.2 == 9.7 - 3.5 matches quite nicely? Oh, and yes, 2 * 3.5 is exactly the difference in score you just added... ;)
Content analysis details: (9.7 points, 5.0 required)
-3.5 AWL AWL: From: address is in the auto white-list
--
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
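The arithmetic in this reply, as an added example (a simplified model, not SpamAssassin's own code): the AWL pulls a score halfway toward the sender's historical mean. It assumes the default auto_whitelist_factor of 0.5 and a history keyed on the From address plus the /16 of the relay IP; the rule scores are the ones posted in the thread, the sender address and IPs are constructed.

```python
import ipaddress

# Rule hits and scores copied from the two reports posted in the thread.
FIRST_RUN = {"HTML_MESSAGE": 1.0, "BAYES_50": 0.0,
             "DCC_CHECK": 2.2, "JM_SOUGHT_FRAUD_3": 3.0}
SECOND_RUN = dict(FIRST_RUN, MILLION_EURO=1.5,
                  AE_DETAILS_WITH_MONEY=3.0, AE_DETAILS_WITH_EMAIL=2.5)


class AutoWhitelist:
    """Per-sender score history; the adjustment is a pull toward the mean."""

    def __init__(self, factor=0.5):
        self.factor = factor      # assumed default of auto_whitelist_factor
        self.history = {}         # key -> (message count, total pre-AWL score)

    @staticmethod
    def key(address, relay_ip):
        # Assumption: history is tracked per address and /16 network block.
        net = ipaddress.ip_network(f"{relay_ip}/16", strict=False)
        return address.lower(), str(net)

    def adjust(self, address, relay_ip, rule_hits):
        """Return (score before AWL, AWL adjustment, final score)."""
        score = sum(rule_hits.values())
        k = self.key(address, relay_ip)
        count, total = self.history.get(k, (0, 0.0))
        # No history means no adjustment, so AWL is absent from the report.
        delta = (total / count - score) * self.factor if count else 0.0
        # The score without the AWL adjustment is what gets remembered.
        self.history[k] = (count + 1, total + score)
        return round(score, 2), round(delta, 2), round(score + delta, 2)


def replay_thread():
    """Replay the two scans from the thread, then a different net block."""
    awl = AutoWhitelist()
    sender = "sender@example.com"                  # constructed address
    first = awl.adjust(sender, "192.0.2.10", FIRST_RUN)
    second = awl.adjust(sender, "192.0.2.10", SECOND_RUN)
    # Same address seen from another /16: separate history, no adjustment.
    elsewhere = awl.adjust(sender, "198.51.100.7", SECOND_RUN)
    return first, second, elsewhere


if __name__ == "__main__":
    for label, result in zip(("first scan", "second scan", "other net block"),
                             replay_thread()):
        print(f"{label}: before={result[0]} awl={result[1]} final={result[2]}")
```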
Re: DNSWL-Check does not work....
On Mon, July 27, 2009 14:03, Christian Kuehn wrote:
[8845] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
All other RBL-checks are done fine, but no DNSWL. Any ideas?
is there trusted ip in the mail ?
spamassassin 2>&1 -D -t msg | grep trusted | less
if yes is the ip that are trusted listed in dnswl ? maybe the ip is listed local with trusted_networks ?
-- xpoint
Re: DNSWL-Check does not work....
On Mon, July 27, 2009 15:14, Matus UHLAR - fantomas wrote: did you try manually query dnswl servers? It's possible that they blocked lookups from you for some reason... try the web so -- xpoint
Re: DNSWL-Check does not work....
Benny Pedersen wrote:
On Mon, July 27, 2009 14:03, Christian Kuehn wrote:
[8845] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
All other RBL-checks are done fine, but no DNSWL. Any ideas?
is there trusted ip in the mail ?
spamassassin 2>&1 -D -t msg | grep trusted | less
if yes is the ip that are trusted listed in dnswl ? maybe the ip is listed local with trusted_networks ?
[30132] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually
[30132] dbg: received-header: relay 66.211.168.231 trusted? no internal? no msa? no
[30132] dbg: received-header: relay 10.243.56.55 trusted? no internal? no msa? no
[30132] dbg: received-header: relay 10.243.57.25 trusted? no internal? no msa? no
[30132] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=66.211.168.231 rdns=mx1.phx.paypal.com helo=mx1.phx.paypal.com by=mx.gay-web.de ident= envfrom=webf...@paypal.de intl=0 id=1MVMj4-0005wc-9c auth= msa=0 ] [ ip=10.243.56.55 rdns= helo=dub-entot-001.corp.ebay.com by=oma-entot-002.corp.ebay.com ident= envfrom= intl=0 id= auth= msa=0 ] [ ip=10.243.57.25 rdns= helo=DUB-KAAAS-006 by=dub-entot-001.corp.ebay.com ident= envfrom= intl=0 id= auth= msa=0 ]
[30132] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: checking RBL plus.bondedsender.org., set ssc-firsttrusted
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: launching DNS TXT query for 231.168.211.66.sa-trusted.bondedsender.org. in background
[30132] dbg: async: starting: DNSBL-TXT, dns:TXT:231.168.211.66.sa-trusted.bondedsender.org. (timeout 15.0s, min 3.0s)
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[30132] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
[30132] dbg: async: completed in 0.326 s: DNSBL-TXT, dns:TXT:231.168.211.66.sa-trusted.bondedsender.org.
[30132] dbg: async: timing: 0.326 . dns:TXT:231.168.211.66.sa-trusted.bondedsender.org.
No trusted network, the IP was detected but no start of dns-check
-- Christian Kühn (Technical Consultant) == MCS MOORBEK COMPUTER SYSTEME GmbH Essener Bogen 17 - 22419 Hamburg - Germany Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200 E-Mail: christian.ku...@mcs.de Web: http://www.mcs.de Registered in the Hamburg Commercial Register B62933 Managing Directors: Kai Brandes Eckard Kabel GPG 8B52 41A1 4B8F 4DE7 9064 2073 6168 137A 3DDA 0F36 ==
Re: DNSWL-Check does not work....
On Mon, July 27, 2009 15:21, Christian Kuehn wrote:
did you try manually query dnswl servers? It's possible that they blocked lookups from you for some reason...
Nope, the requests via dig work fine and successful.
next step is
spamassassin 2>&1 -D -t msg | less
any trusted lines ?
-- xpoint
Re: DNSWL-Check does not work....
Benny Pedersen wrote:
On Mon, July 27, 2009 15:21, Christian Kuehn wrote:
did you try manually query dnswl servers? It's possible that they blocked lookups from you for some reason...
Nope, the requests via dig work fine and successful.
next step is
spamassassin 2>&1 -D -t msg | less
any trusted lines ?
Nope
[30132] dbg: received-header: relay 66.211.168.231 trusted? no internal? no msa? no
[30132] dbg: received-header: relay 10.243.56.55 trusted? no internal? no msa? no
[30132] dbg: received-header: relay 10.243.57.25 trusted? no internal? no msa? no
-- Christian Kühn (Technical Consultant) == MCS MOORBEK COMPUTER SYSTEME GmbH Essener Bogen 17 - 22419 Hamburg - Germany Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200 E-Mail: christian.ku...@mcs.de Web: http://www.mcs.de Registered in the Hamburg Commercial Register B62933 Managing Directors: Kai Brandes Eckard Kabel GPG 8B52 41A1 4B8F 4DE7 9064 2073 6168 137A 3DDA 0F36 ==
Re: DNSWL-Check does not work....
On Mon, July 27, 2009 17:17, Christian Kuehn wrote: [30132] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually this might be the error, unsure if it is, but try add your wan ip's to trusted_networks, and imho also to msa_networks trusted_networks must also have a list of all ips that forward mails to you, this will help on spf forwarded emails to not being detected as spf fail -- xpoint
Re: DNSWL-Check does not work....
Benny Pedersen wrote:
On Mon, July 27, 2009 17:17, Christian Kuehn wrote:
[30132] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually
this might be the error, unsure if it is, but try add your wan ip's to trusted_networks, and imho also to msa_networks trusted_networks must also have a list of all ips that forward mails to you, this will help on spf forwarded emails to not being detected as spf fail
Not the problem, now with trusted_networks and internal_networks set correctly:
ian:~ # spamassassin 2>&1 -D -t paypal.txt | grep trusted
[4177] dbg: received-header: relay 66.211.168.231 trusted? no internal? no msa? no
[4177] dbg: received-header: relay 10.243.56.55 trusted? no internal? no msa? no
[4177] dbg: received-header: relay 10.243.57.25 trusted? no internal? no msa? no
[4177] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
[4177] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating:
But no DNS-check furthermore
-- Christian Kühn (Technical Consultant) == MCS MOORBEK COMPUTER SYSTEME GmbH Essener Bogen 17 - 22419 Hamburg - Germany Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200 E-Mail: christian.ku...@mcs.de Web: http://www.mcs.de Registered in the Hamburg Commercial Register B62933 Managing Directors: Kai Brandes Eckard Kabel GPG 8B52 41A1 4B8F 4DE7 9064 2073 6168 137A 3DDA 0F36 ==
Re: DNSWL-Check does not work....
Benny Pedersen wrote:
On Mon, July 27, 2009 17:17, Christian Kuehn wrote:
[30132] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually
this might be the error, unsure if it is, but try add your wan ip's to trusted_networks, and imho also to msa_networks trusted_networks must also have a list of all ips that forward mails to you, this will help on spf forwarded emails to not being detected as spf fail
Just found that spamassassin -t file.txt works fine, but cat file.txt | spamc fails. The spamd doesn't check the dnswl.
-- Christian Kühn (Technical Consultant) == MCS MOORBEK COMPUTER SYSTEME GmbH Essener Bogen 17 - 22419 Hamburg - Germany Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200 E-Mail: christian.ku...@mcs.de Web: http://www.mcs.de Registered in the Hamburg Commercial Register B62933 Managing Directors: Kai Brandes Eckard Kabel GPG 8B52 41A1 4B8F 4DE7 9064 2073 6168 137A 3DDA 0F36 ==
Re: Low Scoring Lotto Spam
Hi, * 3.0 RCVD_IN_UCEPROTECT2 RBL: Received via a relay in * dnsbl-2.uceprotect.net * [81.202.69.68 listed in dnsbl-2.uceprotect.net] * 2.0 RCVD_IN_UCEPROTECT3 RBL: Received via a relay in * dnsbl-3.uceprotect.net * [81.202.69.68 listed in dnsbl-3.uceprotect.net] How successful have you been with the UCEPROTECT lists? Seems like a nice project. How come more people aren't using it? IOW, you seemed to be the only one of the four or five people that posted their output from this lotto spam. Why such a disparity in the rules that people use? Thanks, Alex
Re: DNSWL-Check does not work....
On Mon, July 27, 2009 18:02, Christian Kuehn wrote: [4177] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted [4177] dbg: dns: IPs found: full-external: 66.211.168.231, 10.243.56.55, 10.243.57.25 untrusted: 66.211.168.231 originating: But no DNS-check furthermore okay make a bug on this one so, it does not make sense to test firsttrusted for a whitelist, not the bug ? also add rfc1918 to your internal_networks IP address 66.211.168.231 is listed at dnswl.org with the following details: Domain: paypal.com; Category: Financial Services (127.0.2.x); Country: US Suggest change for this DNSWL entry. -- xpoint
RE: DNSWL-Check does not work....
On Mon, July 27, 2009 17:17, Christian Kuehn wrote:
[30132] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually
this might be the error, unsure if it is, but try add your wan ip's to trusted_networks, and imho also to msa_networks trusted_networks must also have a list of all ips that forward mails to you, this will help on spf forwarded emails to not being detected as spf fail
Not the problem, now with trusted_networks and internal_networks set correctly:
ian:~ # spamassassin 2>&1 -D -t paypal.txt | grep trusted
[4177] dbg: received-header: relay 66.211.168.231 trusted? no internal?
snip
But no DNS-check furthermore
-- Christian Kühn
Christian, i may be way off base (TM) here yet the only thing that caught my eye was paypal.txt if you are having problems with email from Paypal and DNS issues, many times it is because paypal had certain types of monster DNS records and sometimes various software has to be patched to deal with it again, this may or may not be the or a part of the issue depending on what your overall network systems software picture is.
- rh
Re: Low Scoring Lotto Spam
MySQL Student wrote: Hi, * 3.0 RCVD_IN_UCEPROTECT2 RBL: Received via a relay in * dnsbl-2.uceprotect.net * [81.202.69.68 listed in dnsbl-2.uceprotect.net] * 2.0 RCVD_IN_UCEPROTECT3 RBL: Received via a relay in * dnsbl-3.uceprotect.net * [81.202.69.68 listed in dnsbl-3.uceprotect.net] How successful have you been with the UCEPROTECT lists? Seems like a nice project. How come more people aren't using it? I find it quite useful, but do understand their listing policy before using it, and score each list appropriately for your mail flow. I use it to check all relay IPs, not just last external, which is why it hits on this example, but do expect FPs used in this way from senders on particularly spammy ISPs. For me it hits more low scoring spam than it does legit mail so it's worth a few points. I have had one user on another open source mailing list whose mail it blocks every time who I've had to manually whitelist, but other than that I've not really noticed it causing any legitimate mail to be quarantined (note that doesn't mean the rule doesn't misfire, only that negatively scoring rules in my setup, such as bayes, counteract and prevent the mail from being classified as spam).
Re: {SPAM?} Rules
I found the only ruleset that catches this to be:

http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_uri_obfu_ws.cf?revision=795578

And then only the last two rules fired.

On Jul 27, 2009, at 6:35 AM, twofers wrote:

This is pretty basic and straight forward isn't it?

Wes
Re: {SPAM?} Rules
On Mon, 27 Jul 2009, Mike Wallace wrote:

I found the only ruleset that catches this to be:

http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_uri_obfu_ws.cf?revision=795578

And then only the last two rules fired.

That's old. Lose the ?revision... bit to see the current version.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Ignorance doesn't make stuff not exist. -- Bucky Katt
---
9 days until the 274th anniversary of John Peter Zenger's acquittal
Re: Low Scoring Lotto Spam
On Mon, 2009-07-27 at 17:31 +0300, Jari Fredriksson wrote:
On Mon, 2009-07-27 at 14:51 +0100, rich...@buzzhost.co.uk wrote:

I also used these local rules (some shamelessly copied off this forum):

body __TRMB_YOUR_NAME /(^|\W)(your(\s+|\s+\w+\s+)names?|last.name:|full.names?|surname|Prenom|fullname|names? in full|with your.? Serial No|Confirmation Email Serial|Names?(\s+:|:)|Receiver name)(_|\W)/i

After I splatted these rules here, I saw that they were pretty inefficient perl-wise, and matched a bit much logic wise. I've tightened them up, and I think this is better, but I'd appreciate suggestions:

body __TRMB_YOUR_NAME /\b(?:your.{0,10}\bnames?|last.name:|full.names?|surname|Prenom|fullname|names? in full|with your.? Serial No|Confirmation Email Serial|Names?\s?:|Receiver name)_{0,40}\b/i
body __TRMB_YOUR_ADDRESS /\b(?:your|home|residen|contact|full|current).{0,20}\b(?:add[er]{2,4}sse?|location|country|marital status|occupation)_{0,40}\b/i
body __TRMB_YOUR_PHONE /\b(?:telephone|tel|phone)\s?(?:num(?:ber)?|\#)?[[:space:][:punct:]]{1,5}\D/i
body __TRMB_YOUR_AGE /\b(?:your\s)?age\s?[[:punct:]]{1,40}\b/i
body __TRMB_YOUR_OCCUPATION /\b(?:your\s)?(?:occupation|profession)_{0,30}\b/i
body __TRMB_YOUR_BLOBBY_DETAILS /\b(?:full names?.{1,20}address.{1,20}phone num|phone and fax number|your telephone.fax|your full contact details|send us your fullnames? and address|your mobile numbers?|please reply if you are willing to help me save|send the following informations?|provide your email address.? phone number)/i
body __TRMB_OTHER_DETAILS /\b(?:with your full contact informations?|contact the application desk)\b/i
meta __TRMB_YOUR_DETAILS ((__TRMB_YOUR_NAME || __TRMB_OTHER_DETAILS) && (__TRMB_YOUR_ADDRESS || __TRMB_YOUR_PHONE || __TRMB_YOUR_AGE || __TRMB_YOUR_OCCUPATION) || __TRMB_YOUR_BLOBBY_DETAILS)
meta AE_DETAILS_WITH_MONEY __TRMB_YOUR_DETAILS && (MILLION_EURO || MILLION_USD || US_DOLLARS_3 || NA_DOLLARS || FRT_DOLLAR || AE_GBP || __FRAUD_DBI)
describe AE_DETAILS_WITH_MONEY Has form and mentions much money
meta AE_DETAILS_WITH_EMAIL __TRMB_YOUR_DETAILS && __HAS_ANY_EMAIL
describe AE_DETAILS_WITH_EMAIL Has form and gives handy email to send it back to
score AE_DETAILS_WITH_MONEY 2.0
score AE_DETAILS_WITH_EMAIL 2.5

--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
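The sub-rule and meta layering in the post above, as an added Python sketch that is not part of the thread and not SpamAssassin code. It assumes the two groups of the meta are joined with `&&`, leaves out the `__TRMB_YOUR_BLOBBY_DETAILS` branch, and substitutes an ASCII punctuation set for Perl's `[[:punct:]]`; the helper names and sample paragraphs are constructed.

```python
import re
import string

# Python's re has no [[:punct:]]; this escaped ASCII set stands in for it.
PUNCT = re.escape(string.punctuation)
I = re.IGNORECASE

# Patterns copied from the tightened rules in the post; only the POSIX
# classes in YOUR_PHONE and YOUR_AGE are rewritten for Python.
SUB_RULES = {
    "__TRMB_YOUR_NAME": re.compile(
        r"\b(?:your.{0,10}\bnames?|last.name:|full.names?|surname|Prenom"
        r"|fullname|names? in full|with your.? Serial No"
        r"|Confirmation Email Serial|Names?\s?:|Receiver name)_{0,40}\b", I),
    "__TRMB_OTHER_DETAILS": re.compile(
        r"\b(?:with your full contact informations?"
        r"|contact the application desk)\b", I),
    "__TRMB_YOUR_ADDRESS": re.compile(
        r"\b(?:your|home|residen|contact|full|current).{0,20}"
        r"\b(?:add[er]{2,4}sse?|location|country|marital status|occupation)"
        r"_{0,40}\b", I),
    "__TRMB_YOUR_PHONE": re.compile(
        r"\b(?:telephone|tel|phone)\s?(?:num(?:ber)?|\#)?[\s" + PUNCT
        + r"]{1,5}\D", I),
    "__TRMB_YOUR_AGE": re.compile(
        r"\b(?:your\s)?age\s?[" + PUNCT + r"]{1,40}\b", I),
    "__TRMB_YOUR_OCCUPATION": re.compile(
        r"\b(?:your\s)?(?:occupation|profession)_{0,30}\b", I),
}
WHO = {"__TRMB_YOUR_NAME", "__TRMB_OTHER_DETAILS"}
WHAT = set(SUB_RULES) - WHO


def fired(paragraphs):
    """Sub-rules that hit in at least one paragraph of the message."""
    return {name for name, rx in SUB_RULES.items()
            if any(rx.search(p) for p in paragraphs)}


def your_details(paragraphs):
    """(NAME || OTHER) && (ADDRESS || PHONE || AGE || OCCUPATION)."""
    hits = fired(paragraphs)
    return bool(hits & WHO) and bool(hits & WHAT)


# Constructed sample paragraphs.
FORM = ["Full Name:________ Contact Address:________ Occupation:________"]
NAME_ONLY = ["Please print your name on the badge."]
ADDRESS_ONLY = ["Our contact address has changed."]
```

`your_details(NAME_ONLY + ADDRESS_ONLY)` is also true: the meta combines hits from anywhere in the message, not from a single paragraph.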
Re: Rules
John, the current version doesn't trap that type of URI and that's why I am using the older version and mentioned it. I have collected 13 examples of obfuscated URIs that I can send you.

Mike

- Original Message -
From: John Hardin jhar...@impsec.org
To: Mike Wallace m...@mlrw.com
Cc: twofers twof...@yahoo.com, users@spamassassin.apache.org
Sent: Monday, July 27, 2009 4:48:52 PM GMT -05:00 US/Canada Eastern
Subject: Re: {SPAM?} Rules

On Mon, 27 Jul 2009, Mike Wallace wrote:

I found the only ruleset that catches this to be:

http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_uri_obfu_ws.cf?revision=795578

And then only the last two rules fired.

That's old. Lose the ?revision... bit to see the current version.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Ignorance doesn't make stuff not exist. -- Bucky Katt
---
9 days until the 274th anniversary of John Peter Zenger's acquittal
Re: Rules
On Mon, 27 Jul 2009, Mike Wallace wrote:

John, the current version doesn't trap that type of URI and that's why I am using the older version and mentioned it.

That's odd, because I added that sample line to my testbed and it did hit:

[31850] dbg: rules: ran body rule URI_OBFU_WWW == got hit: www.onlyviagra net

I have collected 13 examples of obfuscated URIs that I can send you.

Please send them - thanks.

Also, I just committed a minor update, you might want to grab the rule from svn again.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
An entitlement beneficiary is a person or special interest group who didn't earn your money, but demands the right to take your money because they *want* it. -- John McKay, _The Welfare State: No Mercy for the Middle Class_
---
9 days until the 274th anniversary of John Peter Zenger's acquittal
Re: Low Scoring Lotto Spam
On Mon, 27 Jul 2009, Daniel J McDonald wrote:
On Mon, 2009-07-27 at 17:31 +0300, Jari Fredriksson wrote:
On Mon, 2009-07-27 at 14:51 +0100, rich...@buzzhost.co.uk wrote:

I also used these local rules (some shamelessly copied off this forum):

body __TRMB_YOUR_NAME /(^|\W)(your(\s+|\s+\w+\s+)names?|last.name:|full.names?|surname|Prenom|fullname|names? in full|with your.? Serial No|Confirmation Email Serial|Names?(\s+:|:)|Receiver name)(_|\W)/i

After I splatted these rules here, I saw that they were pretty inefficient perl-wise, and matched a bit much logic wise. I've tightened them up, and I think this is better, but I'd appreciate suggestions:

body __TRMB_YOUR_NAME /\b(?:your.{0,10}\bnames?|last.name:|full.names?|surname|Prenom|fullname|names? in full|with your.? Serial No|Confirmation Email Serial|Names?\s?:|Receiver name)_{0,40}\b/i
body __TRMB_YOUR_ADDRESS /\b(?:your|home|residen|contact|full|current).{0,20}\b(?:add[er]{2,4}sse?|location|country|marital status|occupation)_{0,40}\b/i
body __TRMB_YOUR_PHONE /\b(?:telephone|tel|phone)\s?(?:num(?:ber)?|\#)?[[:space:][:punct:]]{1,5}\D/i
body __TRMB_YOUR_AGE /\b(?:your\s)?age\s?[[:punct:]]{1,40}\b/i
body __TRMB_YOUR_OCCUPATION /\b(?:your\s)?(?:occupation|profession)_{0,30}\b/i
body __TRMB_YOUR_BLOBBY_DETAILS /\b(?:full names?.{1,20}address.{1,20}phone num|phone and fax number|your telephone.fax|your full contact details|send us your fullnames? and address|your mobile numbers?|please reply if you are willing to help me save|send the following informations?|provide your email address.? phone number)/i
body __TRMB_OTHER_DETAILS /\b(?:with your full contact informations?|contact the application desk)\b/i
meta __TRMB_YOUR_DETAILS ((__TRMB_YOUR_NAME || __TRMB_OTHER_DETAILS) && (__TRMB_YOUR_ADDRESS || __TRMB_YOUR_PHONE || __TRMB_YOUR_AGE || __TRMB_YOUR_OCCUPATION) || __TRMB_YOUR_BLOBBY_DETAILS)
meta AE_DETAILS_WITH_MONEY __TRMB_YOUR_DETAILS && (MILLION_EURO || MILLION_USD || US_DOLLARS_3 || NA_DOLLARS || FRT_DOLLAR || AE_GBP || __FRAUD_DBI)
describe AE_DETAILS_WITH_MONEY Has form and mentions much money
meta AE_DETAILS_WITH_EMAIL __TRMB_YOUR_DETAILS && __HAS_ANY_EMAIL
describe AE_DETAILS_WITH_EMAIL Has form and gives handy email to send it back to
score AE_DETAILS_WITH_MONEY 2.0
score AE_DETAILS_WITH_EMAIL 2.5

How about:

http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_fillform.cf?view=log

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
...much of our country's counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect our public officials from criticism when another attack occurs. -- Bruce Schneier
---
9 days until the 274th anniversary of John Peter Zenger's acquittal
Re: whitelist_from questions
Hi,

I'm looking at an email that appears to be one of the users from the whitelist, but instead was from:

From probesqt...@segunitb1.freeserve.co.uk Mon Jul 27 19:49:19 2009

Why can't a comparison be made between the From: info and the actual sender? Is this because of virtual domains and/or users?

Thanks,
Alex
Re: Low Scoring Lotto Spam
On Mon, 2009-07-27 at 14:51 +0100, rich...@buzzhost.co.uk wrote:

http://pastebin.com/m2cbc0965

This is scoring way low. Coming in from Hotmail (I would love to blacklist these but some people just insist on using it). 10 in the last hour. Lart'd Hotmail abuse, but the content does not seem to be catching ?

X-Spam-Status: Yes, score=13.0 required=5.0 tests=BAYES_60=2.002,
    DCC_CHECK_NEGATIVE=-0.0001,FREEMAIL_FROM=0.5,FREEMAIL_REPLYTO=2,
    HTML_MESSAGE=0.001,JM_SOUGHT_FRAUD_2=3,JM_SOUGHT_FRAUD_3=3,KAM_LOTTO1=0.5,
    KHOP_RCVD_UNTRUST=1,RCVD_IN_JMF_YE=0.01,RELAY_ES=0.01,SAGREY=1
    autolearn=disabled version=3.2.5

Content analysis details: (13.0 points, 5.0 required)

 pts rule name           description
---- ------------------- --------------------------------------------------
 0.0 RCVD_IN_JMF_YE      RBL: Relay listed in JunkEmailFilter YELLOW (varies)
                         [65.55.116.112 listed in hostkarma.junkemailfilter.com]
 0.0 RELAY_ES            Relayed through Spain
 0.5 FREEMAIL_FROM       Sender email is freemail (laszlomezesesp68[at]msn.com)
 2.0 FREEMAIL_REPLYTO    Reply-To is different freemail than From or body
                         (laszlomezesesp68[at]msn.com, urbanizacion70[at]aol.com)
 2.0 BAYES_60            BODY: Bayesian spam probability is 60 to 80%
                         [score: 0.7866]
 0.0 HTML_MESSAGE        BODY: HTML included in message
-0.0 DCC_CHECK_NEGATIVE  Not listed in DCC
                         [localhost 1201; Body=1 Fuz1=21] [Fuz2=35]
 3.0 JM_SOUGHT_FRAUD_3   Body contains frequently-spammed text patterns
 0.5 KAM_LOTTO1          Likely to be an e-Lotto Scam Email
 3.0 JM_SOUGHT_FRAUD_2   Body contains frequently-spammed text patterns
 1.0 KHOP_RCVD_UNTRUST   DNS-whitelisted sender is not verified
 1.0 SAGREY              Adds 1.0 to spam from first-time senders

--
KeyID 0xE372A7DA98E6705C
Re: your mail
On Mon, 27 Jul 2009, Matus UHLAR - fantomas wrote:

On Sat, 25 Jul 2009, Michael W. Cocke wrote:

There doesn't seem to be a web interface to subscribe/unsubscribe from this list. The email address users-unsubscr...@spamassassin.apache.org complains that my IP address is dynamic (which is why I use dyndns.org, thank you very much.) And on that subject, am I the only person who thinks that blocking by IP address block is inefficient, brute force, and prone to both false positives and false negatives?

On 26.07.09 22:09, r...@ausics.net wrote:

If you are sending out from your dynamic home connection, you are going to have bigger problems, most of the big ISP's and many many many others block at MTA level for your type of connections, either get a static IP *and* a real PTR entry, or use your ISP as smarthost. Nothing wrong with the way this list is setup apart from it uses qmail, but we won't go into that :)

by ISP we of course mean the company you receive mail through, not the company you are connecting through, unless you are using address hosted in the same company.

Actually, if he is a connection customer of foobar.com, he should use foobar.com's SMTP server as his smarthost, as they will allow their customers to relay through them, that way most servers will only care about mail.foobar.com

--
Res
-Beware of programmers who carry screwdrivers
Re: whitelist_from questions
MySQL Student wrote:

Hi, I'm looking at an email that appears to be one of the users from the whitelist, but instead was from:

From probesqt...@segunitb1.freeserve.co.uk Mon Jul 27 19:49:19 2009

Why can't a comparison be made between the From: info and the actual sender? Is this because of virtual domains and/or users?

It's not done because this mismatch happens for nearly every mailing list in existence (including this one). Every message you get from this mailing list is From: the poster, but the envelope is from the apache list server's bounce handler. The To: header and Rcpt to: mismatch for similar reasons (To: will be the list, but RCPT TO will be your mailbox).
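The mismatch described in the reply above, as an added example that is not part of the thread: it compares the SMTP envelope with the From: and To: headers for a list post, a direct mail and a forged mail. All addresses are constructed, and `compare` is a hypothetical helper, not a SpamAssassin function.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: (envelope sender, envelope recipient, raw message).
LIST_POST = ("users-return-123-alice=example.net@lists.example.org",
             "alice@example.net",
             "From: Bob <bob@example.com>\nTo: users@lists.example.org\n"
             "List-Id: <users.lists.example.org>\nSubject: Re: question\n\nhi\n")
DIRECT = ("bob@example.com", "alice@example.net",
          "From: Bob <bob@example.com>\nTo: alice@example.net\n"
          "Subject: lunch\n\nhi\n")
FORGED = ("probe@bulk.example.org", "alice@example.net",
          "From: Bob <bob@example.com>\nTo: alice@example.net\n"
          "Subject: You won\n\nhi\n")


def domain(addr):
    """Lower-cased domain part of an address."""
    return addr.rpartition("@")[2].lower()


def compare(envelope_from, rcpt_to, raw):
    """Report where the envelope and the visible headers disagree."""
    msg = message_from_string(raw)
    header_from = parseaddr(msg["From"])[1]
    header_to = parseaddr(msg["To"])[1]
    return {
        "from_mismatch": domain(envelope_from) != domain(header_from),
        "to_mismatch": rcpt_to.lower() != header_to.lower(),
        "list": msg["List-Id"] is not None,
    }


def mismatch_verdicts():
    """Would a bare 'envelope sender != From:' test flag each sample?"""
    samples = {"list": LIST_POST, "direct": DIRECT, "forged": FORGED}
    return {name: compare(*s)["from_mismatch"] for name, s in samples.items()}
```

`mismatch_verdicts()` flags the list post and the forged mail alike, so the mismatch by itself cannot separate them.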