Spam Admin said:
> Our hospital has been getting a significant amount of obscene spam
> lately from a group called Outblaze. It's getting past both IP
> blacklists and SpamAssassin v2.63 using RulesDuJour.
>
> I've been reviewing the headers, and in every case Outblaze is using an
> (assumed) open mail relay. They're also changing the From name and the
> Reply To, so it's hard to nail it down with that. Further, there's no
> consistent verbiage in the email that is triggering high SA scores. To make
> it worse, by the time I get the complaint, most of the blacklists I use
> are already blocking the sending server, but of course they move on to
> another one and the cycle begins again.
>
> The only thing consistent I can find is that the originating server,
> the one sending to the open mail relay, is always a variation of
> Outblaze.com, usually heesun-net.mr.outblaze.com, but the server IP
> addresses are all over the place (see enclosed header). Can someone
> explain to me how to adjust SA filters to search for that in the header
> and give it a high score?
>
> Thanks,
>
> Greg Amy
> Hartford Hospital
>
>

Hi Greg,
Outblaze is not sending the spam; from what I have gathered over time,
they are really opposed to spam.  The mr.outblaze.com addresses are
forged and Outblaze has confirmed that anything claiming to come from
mr.outblaze.com is bogus.  For a sample rule go to:
http://bugzilla.spamassassin.org/show_bug.cgi?id=3356

HTH,
matt
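
An added example, not part of the thread and not the rule from the Bugzilla entry linked above: a small Python check that flags Received hops whose "from" clause claims a name under mr.outblaze.com, which is the header trait both messages describe. The sample message, its hostnames and IP addresses, and the SpamAssassin rule name and score shown in the comment are constructed for illustration.

```python
import re
from email import message_from_string

# Hostname equal to, or a subdomain of, mr.outblaze.com. The lookarounds stop
# look-alikes such as "notmr.outblaze.com" or "mr.outblaze.com.example.net".
FORGED_RE = re.compile(
    r"(?<![\w.-])(?:[\w-]+\.)*mr\.outblaze\.com(?!\.?[\w-])", re.I)

# The same idea as a SpamAssassin header rule (hypothetical name and score):
#   header   LOCAL_FORGED_OUTBLAZE  Received =~ /\bmr\.outblaze\.com\b/i
#   describe LOCAL_FORGED_OUTBLAZE  Received hop claims mr.outblaze.com
#   score    LOCAL_FORGED_OUTBLAZE  4.0

# Constructed sample: the second hop is the sender handing mail to a relay.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.hospital.example with ESMTP id ABC123; Thu, 1 Jan 2004 10:00:00 -0500
Received: from heesun-net.mr.outblaze.com (unknown [192.0.2.55])
\tby relay.example.net with SMTP; Thu, 1 Jan 2004 09:59:58 -0500
From: "Someone" <someone@example.com>
Subject: constructed sample

body
"""


def forged_outblaze_hops(raw_message):
    """Return the mr.outblaze.com names claimed in Received 'from' clauses."""
    msg = message_from_string(raw_message)
    hits = []
    for received in msg.get_all("Received", []):
        # Unfold the header, then keep only the text before " by ": that part
        # is what the sending side claimed about itself.
        unfolded = " ".join(received.split())
        claimed = re.split(r"\sby\s", unfolded, maxsplit=1)[0]
        if not claimed.lower().startswith("from "):
            continue
        match = FORGED_RE.search(claimed)
        if match:
            hits.append(match.group(0).lower())
    return hits


if __name__ == "__main__":
    for name in forged_outblaze_hops(SAMPLE):
        print("claimed relay name:", name)
```

Because the connecting IP addresses change from message to message, the check keys on the claimed name only, not on the bracketed address.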
