Re: Problems with AOL's TOS reports

Justin Mason Thu, 01 Dec 2005 19:09:22 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


you should _definitely_ whitelist AOL's scomp source address -- preferably
using "whitelist_from_spf", as they publish a reliable SPF record
for aol.net.

- --j.

Steven Stern writes:
> In order to keep our mail flowing to AOL members, I've signed up through 
> the AOL postmaster service to receive TOS reports. Basically, whenever 
> someone reports mail from our domains as spam, AOL forwards it to me. 
> (They delete the addressee from the headers, although not completely so 
> sometimes.)
> 
> Anyhow, when it arrives, SA classifies it as spam. What's the reason for 
> the SARE_SPEC_CLIENT rules? Would it be a problem for other spam if I 
> overrode them by whitelisting the sender ([EMAIL PROTECTED])?
> 
>   pts rule name              description
> ---- ---------------------- 
> --------------------------------------------------
>   2.2 SARE_SPEC_CLIENT_TOS2  known spammer address
>   1.0 NO_REAL_NAME           From: does not include a real name
>   2.2 SARE_SPEC_CLIENT_TOS   high tech impulse spam sign
> -0.0 SPF_PASS               SPF: sender matches SPF record
> -2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
>                              [score: 0.0000]
>   0.0 HTML_MESSAGE           BODY: HTML included in message
>   0.2 DNS_FROM_RFC_ABUSE     RBL: Envelope sender in abuse.rfc-ignorant.org
>   1.7 DNS_FROM_RFC_POST      RBL: Envelope sender in
>                              postmaster.rfc-ignorant.org
>   1.6 FORGED_MSGID_AOL       Message-ID is forged, (aol.com)
> -1.2 AWL                    AWL: From: address is in the auto white-list
> 
> 
> The headers look like this:
> 
> Microsoft Mail Internet Headers Version 2.0
> Received: from enoch.cciminstitute.com ([10.0.2.195]) by 
> eve.cciminstitute.com with Microsoft SMTPSVC(5.0.2195.6713);
>        Thu, 1 Dec 2005 18:29:18 -0600
> Received: from omr-m08.mx.aol.com (omr-m08.mx.aol.com [64.12.138.20])
>       by enoch.cciminstitute.com (8.13.1/8.13.1) with ESMTP id jB20TD75022197;
>       Thu, 1 Dec 2005 18:29:13 -0600
> Received: from  scmp-m23.mail.aol.com (scmp-m23.mail.aol.com 
> [172.21.28.106]) by omr-m08.mx.aol.com (v107.10) with ESMTP id 
> RELAYIN7-8438f95576; Thu, 01 Dec 2005 19:29:11 -0400
> Received: from  imo-d21.mx.aol.com (imo-d21.mail.aol.com 
> [172.18.157.195]) by scmp-m23.mail.aol.com (v98.19) with ESMTP id 
> RELAYIN2-3438f95441a; Thu, 01 Dec 2005 19:28:52 -0400
> Received: from [EMAIL PROTECTED]
>       by imo-d21.mx.aol.com (mail_out_v38_r6.3.) id f.2b7.128060a (58677)
>        for <[EMAIL PROTECTED]>; Thu, 1 Dec 2005 19:28:45 -0500 (EST)
> From: <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
> Date: Thu, 1 Dec 2005 19:28:45 EST
> Subject: *SPAM* Client TOS Notification
> To: <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------=_438F955B.164385DC"
> X-Mailer: 9.0 for [EMAIL PROTECTED]
> X-AOL-COUNTRY-CODE: US
> X-Spam-Flag: YES
> X-AOL-IP: 172.21.28.106
> X-Loop: scomp
> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0 
> (enoch.cciminstitute.com [10.0.2.195]); Thu, 01 Dec 2005 18:29:13 -0600 
> (CST)
> X-Virus-Scanned: ClamAV version 0.87.1, clamav-milter version 0.87 on 
> enoch.cciminstitute.com
> X-Virus-Status: Clean
> X-Spam-Status: Yes, score=5.2 required=4.0 tests=AWL,BAYES_00,
>       DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,FORGED_MSGID_AOL,HTML_MESSAGE,
>       NO_REAL_NAME,SARE_SPEC_CLIENT_TOS,SARE_SPEC_CLIENT_TOS2,SPF_PASS
>       autolearn=no version=3.1.0
> X-Spam-Level: *****
> X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
>       enoch.cciminstitute.com
> Return-Path: [EMAIL PROTECTED]
> X-OriginalArrivalTime: 02 Dec 2005 00:29:18.0390 (UTC) 
> FILETIME=[6E99C560:01C5F6D7]
> 
> ------------=_438F955B.164385DC
> Content-Type: text/plain
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
> 
> ------------=_438F955B.164385DC
> Content-Type: message/rfc822; x-spam-type=original
> Content-Description: original message before SpamAssassin
> Content-Disposition: attachment
> Content-Transfer-Encoding: 8bit
> 
> X-Envelope-From: <[EMAIL PROTECTED]>
> X-Envelope-To: <[EMAIL PROTECTED]>
> Received: from omr-m08.mx.aol.com (omr-m08.mx.aol.com [64.12.138.20]) by 
> enoch.cciminstitute.com;
> X-Envelope-To: <[EMAIL PROTECTED]>
> Received: from  scmp-m23.mail.aol.com (scmp-m23.mail.aol.com 
> [172.21.28.106]) by omr-m08.mx.aol.com (v107.10) with ESMTP id 
> RELAYIN7-8438f95576; Thu, 01 Dec 2005 19:29:11 -0400
> Received: from  imo-d21.mx.aol.com (imo-d21.mail.aol.com 
> [172.18.157.195]) by scmp-m23.mail.aol.com (v98.19) with ESMTP id 
> RELAYIN2-3438f95441a; Thu, 01 Dec 2005 19:28:52 -0400
> Received: from [EMAIL PROTECTED]
>       by imo-d21.mx.aol.com (mail_out_v38_r6.3.) id f.2b7.128060a (58677)
>        for <[EMAIL PROTECTED]>; Thu, 1 Dec 2005 19:28:45 -0500 (EST)
> From: <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
> Date: Thu, 1 Dec 2005 19:28:45 EST
> Subject: Client TOS Notification
> To: <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/mixed; 
> boundary="part1_2b7.128060a.30c0ef3d_boundary"
> X-Mailer: 9.0 for [EMAIL PROTECTED]
> X-AOL-COUNTRY-CODE: US
> X-AOL-IP: 172.21.28.106
> X-Loop: scomp
> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0 
> (enoch.cciminstitute.com [10.0.2.195]); Thu, 01 Dec 2005 18:29:13 -0600 
> (CST)
> X-Virus-Scanned: ClamAV version 0.87.1, clamav-milter version 0.87 on 
> enoch.cciminstitute.com
> X-Virus-Status: Clean
> 
> --part1_2b7.128060a.30c0ef3d_boundary
> Content-Type: text/plain; charset="US-ASCII"
> Content-Transfer-Encoding: 7bit
> 
> --part1_2b7.128060a.30c0ef3d_boundary
> Content-Type: message/rfc822
> Content-Disposition: inline
> 
> Return-Path: <[EMAIL PROTECTED]>
> Received: from  rly-yc05.mail.aol.com (rly-yc05.mail.aol.com 
> [172.18.205.148]) by air-yc04.mail.aol.com (v107.13) with ESMTP id 
> MAILINYC44-1d9438f45e7368; Thu, 01 Dec 2005 13:50:30 -0500
> Received: from  ldap1.ccim.com (ldap1.ccim.com [198.104.132.226]) by 
> rly-yc05.mail.aol.com (v107.13) with ESMTP id 
> MAILRELAYINYC53-1d9438f45e7368; Thu, 01 Dec 2005 13:50:15 -0500
> Received: from ldap1.ccim.com (localhost [127.0.0.1])
>       by ldap1.ccim.com (8.12.11/8.12.11) with ESMTP id jB1IN5rE003286
>       for <[EMAIL PROTECTED]>; Thu, 1 Dec 2005 13:49:13 -0500
> Received: from enoch.cciminstitute.com (enoch.cciminstitute.com
>       [12.40.135.196])
>       by ldap1.ccim.com (8.12.11/8.12.11) with ESMTP id jB1FONIi014070
>       for <[EMAIL PROTECTED]>; Thu, 1 Dec 2005 10:24:23 -0500
> Received: from eve.cciminstitute.com (eve.cciminstitute.com [10.0.2.7])
>       by enoch.cciminstitute.com (8.13.1/8.13.1) with SMTP id jB1FOJ9Z022174
>       for <[EMAIL PROTECTED]>; Thu, 1 Dec 2005 09:24:19 -0600
> content-class: urn:content-classes:message
> MIME-Version: 1.0
> X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
> Date: Thu, 1 Dec 2005 09:24:21 -0600
> Message-ID: <[EMAIL PROTECTED]>
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Thread-Topic: RERC/CCIM ITQ -- Market Data Equals Power
> Thread-Index: AcX2i00btfR+CFo3TYSbIAA/Y2q0VQ==
> From: "CCIM Member Communications" 
> <[EMAIL PROTECTED]>
> To: <Undisclosed Recipients>
> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0 
> (ldap1.ccim.com [127.0.0.1]); Thu, 01 Dec 2005 13:49:13 -0500 (EST)
> X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-2.0
>       (ldap1.ccim.com [198.104.132.226]);
>       Thu, 01 Dec 2005 10:24:23 -0500 (EST)
> X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-2.0
>       (enoch.cciminstitute.com [10.0.2.195]);
>       Thu, 01 Dec 2005 09:24:19 -0600 (CST)
> X-Virus-Scanned: ClamAV version 0.87.1,
>       clamav-milter version 0.87 on ldap1.ccim.com
> X-Virus-Scanned: ClamAV version 0.87.1,
>       clamav-milter version 0.87 on enoch.cciminstitute.com
> X-Virus-Status: Clean
> X-Spam-Status: No, score=-2.5 required=4.0 tests=AWL,BAYES_00,HTML_MESSAGE
>       autolearn=ham version=3.1.0
> X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on ldap1.ccim.com
> X-Mailman-Approved-At: Thu, 01 Dec 2005 11:14:20 -0500
> Subject: [Designees] RERC/CCIM ITQ -- Market Data Equals Power
> X-BeenThere: [EMAIL PROTECTED]
> X-Mailman-Version: 2.1.6
> Precedence: list
> List-Id: Designees List <designees.ccim.com>
> List-Unsubscribe: <http://lists.ccim.com/mailman/listinfo/designees>,
>       <mailto:[EMAIL PROTECTED]>
> List-Archive: <http://lists.ccim.com/pipermail/designees>
> List-Post: <mailto:[EMAIL PROTECTED]>
> List-Help: <mailto:[EMAIL PROTECTED]>
> List-Subscribe: <http://lists.ccim.com/mailman/listinfo/designees>,
>       <mailto:[EMAIL PROTECTED]>
> Content-Type: multipart/mixed; boundary="===============0292989648=="
> Sender: [EMAIL PROTECTED]
> Errors-To: [EMAIL PROTECTED]
> X-AOL-IP: 198.104.132.226
> X-Mailer: Unknown (No Version)
> 
> 
> -- 
> 
>    Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFDj7pfMJF5cimLx9ARAtPlAJ9rEQ6xUJteJzq8NMhfediPdWRqcgCfcSFz
jadftdJtL5b+07ctBQZgBcs=
=0cKf
-----END PGP SIGNATURE-----

Re: Problems with AOL's TOS reports

Reply via email to