If I am reading this correctly it looks like SA is working perfectly. SA admins generally don't care much for kids sending email to our servers from their mom's computers while she is at work... well u get the idea. But I am guessing your friend already knows that.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 13, 2005 3:52 PM To: [email protected] Subject: Rule Advice We're working with someone who has a domain that starts with a number: 360skincare.com. So it gets bit by FROM_STARTS_WITH_NUMS. I also see some for suspicious hostname. A little more background: the sender appears to come from pacbell.net isp and using a webmail client. Are these "suspicious hostname" entries appearing because the hostname starts with a number? Any other advice on these headers to help the user not appear as sending spam? I suspect they are out of luck for the bl rules if pacbell is on a block list. Here are the full headers (since upgraded to 3.0.4): > From: [EMAIL PROTECTED] > Date: July 9, 2005 2:00:29 PM MST > To: [EMAIL PROTECTED] > Subject: Re: here you go > Return-Path: [EMAIL PROTECTED] > Delivered-To: [EMAIL PROTECTED] > Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29 > -0000 > Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul > 2005 21:00:29 -0000 > Received: from adsl-64-165-17-127.dsl.sndg02.pacbell.net > (adsl-64-165-17-127.dsl.sndg02.pacbell.net [64.165.17.127]) by > webmail.360skincare.com (IMP) with HTTP for > <[EMAIL PROTECTED]@localhost>; Sat, 9 Jul 2005 17:00:29 -0400 > Message-Id: <[EMAIL PROTECTED]> > References: <[EMAIL PROTECTED]> > In-Reply-To: <[EMAIL PROTECTED]> > Mime-Version: 1.0 > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: 8bit > User-Agent: Internet Messaging Program (IMP) 3.2.3 > X-Originating-Ip: 64.165.17.127 > X-Spam-Flag: YES > X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hidden2 > X-Spam-Level: ******* > X-Spam-Status: Yes, score=7.5 required=5.0 > tests=FROM_STARTS_WITH_NUMS, > HELO_DYNAMIC_DHCP,HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR, > RCVD_IN_NJABL_DUL autolearn=no version=3.0.3 > X-Spam-Report: * 0.1 HELO_DYNAMIC_DHCP Relay HELO'd using > suspicious hostname (DHCP) * 1.5 HELO_DYNAMIC_HCC Relay HELO'd > using suspicious hostname (HCC) * 2.8 HELO_DYNAMIC_IPADDR Relay > HELO'd using suspicious hostname (IP addr 1) * 1.5 > FROM_STARTS_WITH_NUMS From: starts with nums * 1.7 > RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP > * [64.165.17.127 listed in combined.njabl.org]
