Hi Suresh,
> Try updating - I think spamass 2.2x has me in its whitelist.
Erm..no.
http://www.rfc-ignorant.com/tools/lookup.php?domain=61.11.83.59
and
http://ist.dsbl.org/listing.php?ip=61.11.83.59
And this is SA 2.44.
> Why are you wasting time checking _all_ Received headers for dialup
> blocks?
I'm not. Your ^MTA^ is listed both in rfc-ignorant and dsbl.org. SA marks
this a point and they all go over my kill point (which is also the default)
5.0. See below
DNSBL only adds 0.6 points. i.e.,
X_OSIRU_DUL (0.6 points) RBL: DNSBL: sender ip address in in a
dialup block
> All this means is that you are going to tag any mail that was sent from
> a dialup (or rather, dynamic IP ADSL in my case) and relayed through a
> different smtp server (my colo box, frodo.hserus.net, in this case) as
> spam.
No. frodo is listed on additional lists.
> You are basically just wasting your time checking for dialups / dnsbl
> IPs in headers other than the first Received: header ...
No. Please see above and below for more details.
-Kevin
Making, drinking tea and reading an opus magnum from
viruswall@???:
>Unsolicited bulk email from:
> mallet@???
>Subject: Re: SPAM FROM <exim-users-admin@???>
>
>According to the 'Received:' trace, the message originated at:
> quirk ([192.168.1.2])
>
>The message WAS NOT delivered to:
><Kevin.A.Sindhu@???>:
> 550 5.7.0 Message content rejected, id=19612-07
>
>The message has been quarantined as:
>
>/var/spool/vscan/virusmails/spam-63bd53b3e20fde984a50e0ae5a074272-20030202-191247-19612-07.gz
>
>SpamAssassin report:
>
>SPAM: -------------------- Start SpamAssassin results ----------------------
>SPAM: This mail is probably spam. The original message has been altered
>SPAM: so you can recognise or block similar unwanted mail in future.
>SPAM: See http://spamassassin.org/tag/ for more details.
>SPAM:
>SPAM: Content analysis details: (5.20 hits, 5 required)
>SPAM: REFERENCES (-0.5 points) Has a valid-looking References header
>SPAM: NOSPAM_INC (-0.2 points) Where are you working at?
>SPAM: USER_AGENT_OE (0.2 points) X-Mailer header indicates a
>non-spam MUA (Outlook Express)
>SPAM: EMAIL_ATTRIBUTION (-1.6 points) BODY: Contains what looks like an
>email attribution
>SPAM: SPAM_PHRASE_05_08 (1.6 points) BODY: Spam phrases score is 05 to
>08 (medium)
>SPAM: [score: 7]
>SPAM: QUOTED_EMAIL_TEXT (-0.8 points) BODY: Contains what looks like a
>quoted email text
>SPAM: RCVD_IN_DSBL (3.2 points) RBL: Received via a relay in
>list.dsbl.org
>SPAM: [RBL check: found 59.83.11.61.list.dsbl.org]
>SPAM: RCVD_IN_OSIRUSOFT_COM (0.4 points) RBL: Received via a relay in
>relays.osirusoft.com
>SPAM: [RBL check: found
>59.83.11.61.relays.osirusoft.com., type: 127.0.0.3]
>SPAM: RCVD_IN_RFCI (2.3 points) RBL: Received via a relay in
>ipwhois.rfc-ignorant.org
>SPAM: [RBL check: found
>59.83.11.61.ipwhois.rfc-ignorant.org., type: 127.0.0.6]
>SPAM: X_OSIRU_DUL (0.6 points) RBL: DNSBL: sender ip address in in
>a dialup block
>SPAM:
>SPAM: -------------------- End of SpamAssassin results ---------------------
>
>------------------------- BEGIN HEADERS -----------------------------
>Received: from frodo.hserus.net
>(_RELAYED_VIA_VirusWall-UK.VPN.MailSrv_Internal.MAIL.AC [192.168.33.5])
> by mail.open-systems.org (Postfix) with ESMTP id C37A2101A1C
> for <Kevin.A.Sindhu@???>; Sun, 2 Feb 2003 19:12:44 -0800 (PST)
>Received: from [61.11.83.59] (helo=quirk.hserus.net)
> by frodo.hserus.net with asmtp (SSLv3:EDH-RSA-DES-CBC3-SHA:168)
> (Exim 4.12)
> id 18fX09-0002nx-00
> for Kevin.A.Sindhu@???; Mon, 03 Feb 2003 08:40:30 +0530
>Received: from quirk ([192.168.1.2])
> by quirk.hserus.net (VisNetic.MailServer.v5.3.5.0) with SMTP id
> for <Kevin.A.Sindhu@???>; Mon, 03 Feb 2003 03:10:20 +0530
>Message-ID: <002801c2cb03$aef30de0$0201a8c0@quirk>
>From: "Suresh Ramasubramanian" <mallet@???>
>To: "Kevin Sindhu" <Kevin.A.Sindhu@???>
>References: <5.2.0.9.2.20030202183823.00ae7c28@192.168.33.245>
>Subject: Re: SPAM FROM <exim-users-admin@???>
>Date: Mon, 3 Feb 2003 03:10:18 +0530
>Organization: -ENOENT
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Mailer: Microsoft Outlook Express 6.00.2800.1106
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
>-------------------------- END HEADERS ------------------------------
