Re: SA gone mad

Wed, 09 Sep 2015 04:43:09 -0700 

Hello,
what about starting with the log-entries showing the matched rules from some of that messages from the very first start? "it don't work as i expect" is not enough and the only correct answer would be "i am sorry for you" 

On 09.09.15 13:08, Farkas Zsolt wrote:

it has been done at the start, but there is no visible reason for the 
abnormal behavior: limit is 15 but it is filtered with 13.1



Content analysis details:   (13.1 points, 15.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                           [score: 1.0000]
2.3 FSL_HELO_BARE_IP_1     FSL_HELO_BARE_IP_1
0.0 TVD_RCVD_IP4           TVD_RCVD_IP4
0.0 TVD_RCVD_IP            TVD_RCVD_IP
1.2 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                           [113.167.11.149 listed in bb.barracudacentral.org]
0.5 MISSING_MID            Missing Message-Id: header
0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
1.4 MISSING_DATE           Missing Date: header
2.0 FROM_12LTRDOM          From a 12-letter domain
0.0 TO_NO_BRKTS_NORDNS     To: misformatted and no rDNS



Return-Path: <>
X-Greylist: delayed 281 seconds by postgrey-1.34 at server5; Wed, 09 Sep 2015 
11:43:16 CEST
Received: from 113.167.11.149 (unknown [113.167.11.149])
        by server5.xxxxxxx (Postfix) with SMTP id 849BA264029
        for<sgauvin@xxxxxxx>; Wed,  9 Sep 2015 11:43:16 +0200 (CEST)
Received: from unknown (HELO localhost) (mh...@lnainsurance.com@96.100.228.198)
        by 113.167.11.149 with ESMTPA; Wed, 9 Sep 2015 16:41:05 +0700
From:mh...@lnainsurance.com
To:sgauvin@xxxxxx
Subject: Are you ready to impress your beloved one at night?


This looks like mail sent through your mailseerver to outside: numeric helo,
no rDNS, missing Date and Message-Id headers...

or, may tghe header be somehow broken? Could you post whole message, or at
least all headers and part of the textual body to pastebin?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]


























					Reply via email to