This thread should've been broken into several others ....
- Yahoo! groups at the moment is generating spam -- by mis-diagnosing posts to yahoogroups as [spam]. The resulting MIME-encapsulated messages wrap the original message, add [spam] to the subject line, and this sort of wee-little header line in the outsider wrapper's header:
X-eGroups-Rocket-Track: 1: 100 ; SFLAG=OPENRELAY ; IPCR=g-w0,n0,g100 ; SERVER=66.218.86.248
See that OPENRELAY tag above? That is apparently the thing that flipped out Yahoo!.
I did an ad hoc check on a couple of those IP's that Yahoo! complained about and they did show signs of being an open relay (weak signs. The test message which attempted relay was accepted, but not delivered back to me).
But the problem here is that the messages that Yahoo! has tagged as spam, no longer have the mailing list headers in the wrapper (thus even my filing recipes), and now I'm faced with first unwrapping the message to get the original so I can run my own spam filtering on it. And ... all the messages I've seen were in fact innocuous and their only problem is they were sent from an IP listed as an open relay.
So, from my perspective, Yahoo!'s anti-spam filters are at the moment creating spam.
There is a possible positive -- by tagging so many dial up, real or just listed open relays perhaps those users will (1) decontaminate their PC's, and (2) lean on their ISP to clean up its act and start helping its users determine if their PC's have been misappropriated by a virus/zombie harvester.
- Does this help with the problem of SA chasing too many Received lines back to the originating unlucky dial-up user?
num_check_received { integer } (default: 9)
How many received lines from and including the original mail relay do we
check in RBLs (at least 1 or 2 is recommended).
Note that for checking against dialup lists, you can call check_rbl() with a
special set name of set-notfirsthop and this rule will only be matched
against the relays except for the very first one; this allows SpamAssassin
to catch dialup-sent spam, without penalizing people who properly relay
through their ISP.
This option is deprecated in version 2.60 and later. It will be removed in a
future version. Please use the trusted_networks option instead (it is a much
better way to control DNSBL-checking behaviour).
-----
- if you set that to 2, or something like that, you should be able to just include your local mail's demarcation point?
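
The unwrapping step the post describes, as an added example that is not part of the original post: it reads the X-eGroups-Rocket-Track fields from the wrapper and recovers the enclosed message so the original list headers are available to local filing and spam filtering again. It assumes the original is carried as a message/rfc822 part (the post only says "MIME-encapsulated"); the sample message, addresses and list name are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

TRACK_HEADER = "X-eGroups-Rocket-Track"  # header name as quoted in the post

def parse_track(value):
    """Split the ' ; '-separated KEY=VALUE fields of the tracking header."""
    fields = {}
    for part in str(value).split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:  # skips the leading "1: 100" token, which has no '='
            fields[key] = val
    return fields

def unwrap(raw_bytes):
    """Return (message_to_filter, track_fields) for one delivered mail."""
    outer = email.message_from_bytes(raw_bytes, policy=policy.default)
    track = parse_track(outer.get(TRACK_HEADER, ""))
    if track:
        # Assumption: the original travels as a message/rfc822 part.
        for part in outer.walk():
            if part.get_content_type() == "message/rfc822":
                return part.get_payload(0), track
    return outer, track  # not wrapped, or wrapper layout differs

def build_sample():
    """Constructed wrapper; only the tracking header is copied from the post."""
    inner = EmailMessage()
    inner["From"] = "member@example.org"
    inner["Subject"] = "meeting notes"
    inner["List-Id"] = "<samplelist.example.org>"
    inner.set_content("See you Thursday.\n")
    outer = EmailMessage()
    outer["Subject"] = "[spam] meeting notes"
    outer[TRACK_HEADER] = ("1: 100 ; SFLAG=OPENRELAY ; IPCR=g-w0,n0,g100 ; "
                           "SERVER=66.218.86.248")
    outer.set_content("Wrapper text.\n")
    outer.add_attachment(inner)
    return outer.as_bytes()

if __name__ == "__main__":
    msg, track = unwrap(build_sample())
    print(track.get("SFLAG"), track.get("SERVER"))
    print(msg["Subject"], msg["List-Id"])
    # msg.as_bytes() is what would be handed back to the local filter
```

Messages without the tracking header come back unchanged, so the function can sit in front of an existing filter for all list mail.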