Re: [Exim] Final Peer Review Sought: "Spam Filtering for MXs…

Top Page
Delete this message
Reply to this message
Author: mark moseley
Date:  
To: exim-users
Subject: Re: [Exim] Final Peer Review Sought: "Spam Filtering for MXs" HOWTO
As an aside to this (and this might be well known info
already, so my pardon in advance), I ran into the same
thing the other day too.

A couple of comcast's mail servers accidentally got on
my blacklist the other day for mass spammage. Guess I
wasn't looking at the hostnames closely enough but
presumably it was a lot of spam.

Then mail from our users to comcast started bouncing.
I guess they're (like Sam mentioned below) doing
sender verification but only after they've accepted
the message. They'd accept mail from us, and then do
callouts which were getting blocked by our RBL
blacklist, so they'd then bounce it. To add to the
confusion, the error messages in the bounces they were
sending were truncated, so it was pretty impossible to
tell what the problem was.

Just thought I'd mention it in case anyone else was
seeing this, since it was fairly perplexing.

The hosts in question looked like:

rwcrm*.comcast.net
sccrm*.comcast.net

and seem to be fairly legit--and no doubt there are
more, this was just a quick sample from the last bunch
of lines from my logs. I try to keep them off any
hand-rolled blacklist anyway, but getting them back
off the blacklist took care of the bouncing issue.

Anyone from comcast here to verify this? Though the
error messages in their bounces had that qmail-style
This_is_an_error_message_etc so they might not be on
exim mailing list ;)



>Date: Thu, 15 Jul 2004 01:06:56 -0400

From: Sam Michaels <sam@???>
To: Tor Slettnes <tor@???>
Cc: Exim User's Mailing List <exim-users@???>
Subject: Re: [Exim] Final Peer Review Sought: "Spam
Filtering for MXs" HOWTO

> Hmm, no wonder me thinks:


Looks like sender verify failed for your address:

2004-07-14 17:48:53 H=sccrmhc12.comcast.net
[204.127.202.56] Warning:
Invalid sender
<tor=sam=samthecomputerman.com=zebqlxgx@???>
2004-07-14 17:49:33 H=sccrmhc12.comcast.net
[204.127.202.56]
F=<tor=sam=samthecomputerman.com=zebqlxgx@???>
rejected RCPT
<sam@???>: Invalid sender
<tor=sam=samthecomputerman.com=zebqlxgx@???>

Sam



__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail