On Tue, 19 Aug 2014, Greg Ledford wrote:

> What exactly are SA headers supposed to look like?

SA headers look like this:

X-Spam-Flag: NO
X-Spam-Score: 0.138
X-Spam-Level:
X-Spam-Status: No, score=0.138 tagged_above=-100 required=5
               tests=[MISSING_MID=0.14, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
               autolearn=no autolearn_force=no

> I’m still getting quite a bit of spam coming through. It’s blocking quite a bit but I’m not so sure SA is even doing its job.

Messages are apparently being scanned, though they don't appear to be hitting much in the way of rules...

> Is there maybe a way to just block everything from anything .us?

That would probably be easier to do in your MTA before the message is even passed to SA.

> Stuff like this is being missed (what’s really amusing is this list blocked my original response because IT sure seems to know what spam is!):

If that's a spam, then please post the entire message, with all headers intact in their raw form, to pastebin and post the URL here. That will let us take a look at what rules are hit in our environment and suggest possible fixes.

Note: if the headers look like this:

From: Fast-Funds684 
<quick.apprv...@onlyfastslans.us<mailto:quick.apprv...@onlyfastslans.us>>

i.e., with <mailto:...> injected, they probably are not "raw". I don't know of the best way to get a raw RFC-822-format message out of Exchange, but I assume there is a way.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  People think they're trading chaos for order [by ceding more and
  more power to the Government], but they're just trading normal
  human evil for the really dangerous organized kind of evil, the
  kind that simply does not give a shit. Only bureaucrats can give
  you true evil.                                     -- Larry Correia
-----------------------------------------------------------------------
 5 days until the 1935th anniversary of the destruction of Pompeii
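As an added example (not part of the thread), here is a small Python parser for the X-Spam-Status header shown above: it unfolds the header, pulls out the verdict, score, threshold and the individual rule hits, and separately flags the `<mailto:...>` decoration that marks a pasted header block as rendered rather than raw. The sample message is constructed to match the thread's headers; the bracketed per-rule scores are the amavisd layout, and the parser also accepts the plain comma-separated `tests=` list.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message, modelled on the headers quoted in the thread.
SAMPLE = """\
From: sender@example.com
Subject: constructed test message
X-Spam-Flag: NO
X-Spam-Score: 0.138
X-Spam-Level:
X-Spam-Status: No, score=0.138 tagged_above=-100 required=5
\ttests=[MISSING_MID=0.14, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
\tautolearn=no autolearn_force=no

body
"""

STATUS_RE = re.compile(r"^(Yes|No),\s*(.*)$", re.S)
KV_RE = re.compile(r"(\w+)=(\[[^\]]*\]|\S+)")      # key=value or key=[...]
MAILTO_RE = re.compile(r"<mailto:[^>]*>")

def parse_spam_status(value):
    """Parse an X-Spam-Status value (possibly folded over several lines)."""
    value = " ".join(value.split())                 # unfold and squeeze whitespace
    m = STATUS_RE.match(value)
    if not m:
        raise ValueError("not an X-Spam-Status value: %r" % value)
    out = {"spam": m.group(1) == "Yes", "tests": {}}
    for key, raw in KV_RE.findall(m.group(2)):
        if key == "tests":
            # amavisd writes "[RULE=score, ...]"; SA's default template writes "RULE,RULE"
            for item in filter(None, (s.strip() for s in raw.strip("[]").split(","))):
                name, _, score = item.partition("=")
                out["tests"][name] = float(score) if score else None
        elif key in ("score", "required", "tagged_above"):
            out[key] = float(raw)
        else:
            out[key] = raw
    return out

def spam_verdict(raw_message):
    """Return the parsed verdict, or None when the message carries no SA headers."""
    msg = message_from_string(raw_message, policy=default)
    status = msg.get("X-Spam-Status")
    return None if status is None else parse_spam_status(str(status))

def has_mailto_injection(pasted_headers):
    """True when headers carry Outlook/Exchange-style <mailto:...> decoration,
    i.e. they are a rendered copy, not the raw RFC 822 headers SA scored."""
    return bool(MAILTO_RE.search(pasted_headers))
```

A missing X-Spam-Status header means the message never went through SA at all, which is a different problem from low rule hits.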
