Bret Miller wrote:
    *From:* Marc Perkel [mailto:[EMAIL PROTECTED]
    Bret Miller wrote:

        Bret Miller wrote:
                * 127.0.0.1 - whitelist - trusted nonspam
                * 127.0.0.2 - blacklist - block spam
                * 127.0.0.3 - yellowlist - mix of spam and nonspam
                * 127.0.0.4 - brownlist - all spam - but not yet enough to blacklist
                
                And hotmail.com warrants being blacklisted?? Ouch.
                
I do like the idea of white and yellow lists. If I could just get
                CommuniGate to add the ability to use it...

        Hotmail would be yellow listed.

        My headers say RCVD_IN_JMF_BL, the rule says:

        header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF', '127.0.0.2')
        describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK
        tflags RCVD_IN_JMF_BL net
        score RCVD_IN_JMF_BL 1.0

        And here are the headers:

        X-Spam-Tests: tests=AWL=0.782,BAYES_00=-2.599,EXTRA_MPART_TYPE=1,
                FH_RELAY_NODNS=1.451,HTML_MESSAGE=0.001,PART_CID_STOCK=1.635,RCVD_IN_JMF_BL=1,
                RCVD_IN_MXRATE_WL=-2,RDNS_NONE=0.1,T_TVD_FW_GRAPHIC_ID1=0.01;autolearn=no
        X-Spam-Score: 1.4
        X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on mail.hq.wcg.org
        X-Spam-Level: +
        X-TFF-CGPSA-Version: 1.6a5
        X-WCG-CGPSA-Filter: Scanned
        Return-Path: <[EMAIL PROTECTED]>
        Received: from [65.54.246.239] (HELO bay0-omc3-s39.bay0.hotmail.com)
          by mail.wcg.org (CommuniGate Pro SMTP 5.1.11)
          with ESMTP id 22324864 for [EMAIL PROTECTED]; Mon, 27 Aug 2007 11:29:31 -0700
        Received: from hotmail.com ([65.55.130.13]) by
        bay0-omc3-s39.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
                 Mon, 27 Aug 2007 11:29:16 -0700
        Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
                 Mon, 27 Aug 2007 11:29:15 -0700
        Message-ID: <[EMAIL PROTECTED]>
        Received: from 71.110.94.199 by BAY125-DAV3.phx.gbl with DAV;
                Mon, 27 Aug 2007 18:29:10 +0000
        X-Originating-IP: [71.110.94.199]
        X-Originating-Email: [EMAIL PROTECTED]
        X-Sender: [EMAIL PROTECTED]
        From: " Common Ground" <[EMAIL PROTECTED]>
        To: <xxxx>
        Subject: Back to School Blessings
        Date: Mon, 27 Aug 2007 11:29:09 -0700
        MIME-Version: 1.0
        Content-Type: multipart/related;
                boundary="----=_NextPart_000_0023_01C7E89D.7C72B430";
                type="multipart/alternative"
        X-Priority: 3
        X-MSMail-Priority: Normal
        X-Mailer: Microsoft Outlook Express 6.00.2900.3138
        X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
        X-OriginalArrivalTime: 27 Aug 2007 18:29:15.0665 (UTC)
        FILETIME=[2C450810:01C7E8D8]
        Return-Path: [EMAIL PROTECTED]

        To me, this equals hotmail is on the black list.

        Bret

        Something is odd. That IP isn't in any of my lists.

    Indeed. The problem is the rule, not the list. The check looks
    back at all IPs in the path, including the X-Originating-IP
    headers. So, "[2860] dbg: dns: hit
    <dns:199.94.110.71.hostkarma.junkemailfilter.com> 127.0.0.2" is
    what SA says is the problem. I guess I need to look at fixing it
    so it scans only the last external...

    Bret


    I did some experimenting a while back looking at all the received
    IP addresses and got too many false positives. I had to give up on
    the idea because it didn't work.

OK... but the rules you supplied for SpamAssassin did exactly that -- they looked back at all the received headers and X-Original-IP and tested them against the lists. Add a -lastexternal to the set name to get only the last IP outside your network.

Bret

Not familiar with -lastexternal - can you give an example?
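
The `-lastexternal` suffix discussed in this thread, shown as an added example that is not part of the original messages: it rewrites the quoted rule using the three-argument form of `check_rbl`, with the zone name taken from the debug line above. The `192.0.2.25` address is a placeholder for your own border mail server, and the `describe` wording is an assumption.

```conf
# Form quoted in the thread. With the plain set name 'JMF', every relay IP
# found in the headers (including X-Originating-IP) is tested, so a listed
# client address behind Hotmail makes the rule fire.
# header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF', '127.0.0.2')

# Same test, restricted to the relay that handed the message to your network.
# The '-lastexternal' suffix on the set name limits the lookup to that one IP;
# the third argument is the return code that must match (127.0.0.2 = blacklist).
header   RCVD_IN_JMF_BL  eval:check_rbl('JMF-lastexternal', 'hostkarma.junkemailfilter.com.', '127.0.0.2')
describe RCVD_IN_JMF_BL  Last external relay listed in JMF-BLACK
tflags   RCVD_IN_JMF_BL  net
score    RCVD_IN_JMF_BL  1.0

# '-lastexternal' is only as accurate as SpamAssassin's idea of where your
# network ends. Placeholder address: replace with your own MX / relay hosts.
internal_networks 192.0.2.25
trusted_networks  192.0.2.25
```

For the sample message quoted above, this form would test only 65.54.246.239, the Hotmail relay that connected to mail.wcg.org, and not the 71.110.94.199 address from `X-Originating-IP`.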
