On 10/5/18 4:38 PM, Antony Stone wrote:
> On Friday 05 October 2018 at 23:26:12, Rupert Gallagher wrote:
>
>>> https://pastebin.com/TRD7FzRQ
>>>
>>> I have a sample here
>>
>> There are at least three reasons to reject that e-mail upfront, with no
>> need to parse its body.
>
> Hints might be appreciated for the uninitiated.
>
>
> Antony.
>
>
> PS: Please do NOT set Reply-To to your own address on list postings.
>

Are you doing any RBLs at the MTA? This thing looks really bad and would
never have made it past my Postfix postscreen_dnsbl_sites list.

http://multirbl.valli.org/lookup/114.46.223.46.html

If it had made it to SpamAssassin, here's what my rules would have scored:

Content analysis details: (29.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.2 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 3.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 0.5 FROM_DOMAIN_NOVOWEL    From: domain has series of non-vowel letters
 1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP)
 0.2 CK_HELO_GENERIC        Relay used name indicative of a Dynamic Pool or
                            Generic rPTR
 1.9 DATE_IN_FUTURE_06_12   Date: is 6 to 12 hours after Received: date
 3.2 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
 0.1 FROM_EQUALS_TO         From: and To: have the same username
 0.0 KHOP_DYNAMIC           Relay looks like a dynamic address
 3.6 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr 2)
 1.0 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 2.2 ENA_RELAY_NOT_US       Relayed from outside the US and not on whitelists
 0.1 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam (FTSDMCXX/boundary
                            variant) + direct-to-MX
 2.0 MIMEOLE_DIRECT_TO_MX   MIMEOLE + direct-to-MX
 2.5 DOS_OE_TO_MX           Delivered direct to MX with OE headers
 2.5 NO_FM_NAME_IP_HOSTN    No From name + hostname using IP address
 0.0 ENA_BAD_SPAM           Spam hitting really bad rules.

--
David Jones