-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Steve Prior writes:
> This non spam went over the threshold because 68.198.15.112 is listed
> on three different lists, but in fact appears to be one of the legit yahoo
> mail servers (the friend who sent this to me did so from a Yahoo mail
> account).
>
> Do all three blacklists need updating?
that's not the Yahoo mailserver -- it's the originating machine.
Received: from [68.198.15.112] by web11405.mail.yahoo.com via HTTP; Tue, 09 Mar
2004 09:19:21 PST
^^^^
note
- --j.
> Steve
>
> Content analysis details: (5.3 points, 5.0 required)
>
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> 0.9 FROM_ENDS_IN_NUMS From: ends in numbers
> 0.1 TW_XS BODY: Odd Letter Triples with XS
> 0.1 TW_YX BODY: Odd Letter Triples with YX
> 1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email
> 0.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP
> [68.198.15.112 listed in dnsbl.njabl.org]
> 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
> [68.198.15.112 listed in dnsbl.sorbs.net]
> 0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
> [68.198.15.112 listed in dnsbl.njabl.org]
> 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
> [68.198.15.112 listed in dnsbl.sorbs.net]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFATgSJQTcbUG5Y7woRAmKdAJ9EVfGaFymE0CJTSXzswJPCf3676ACeO+vg
AVTpR4+9RJooHZxyhrDjpQ8=
=6xPr
-----END PGP SIGNATURE-----
