This is the summary generated by Spamassassin, although I can change some
things in the email body itself
to avoid having it catched as spam. It is clear that the greatest scores are
generated by the rules that detect
the IP it comes from.
Spam detection software, running on the system "beta.vohosting.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: MAJAZ: JNE pretende impedir consulta vecinal El Jurado
Nacional
de Elecciones autorizó a su procurador tomar medidas cautelares para
incautar
todos los materiales de la consulta vecinal convocada por los distritos
de
Ayabaca, Carmen de la Frontera y Pacaipampa. [...]
Content analysis details: (16.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.0 EXTRA_MPART_TYPE Header has extraneous Content-type:...type=
entry
0.1 RDNS_NONE Delivered to trusted network by a host with no
rDNS
0.0 BOTNET_BADDNS Relay doesn't have full circle DNS
[botnet_baddns,ip=201.230.86.203,rdns=
client-201.230.86.203.speedy.net.pe]
0.0 BOTNET_CLIENTWORDS Hostname contains client-like substrings
[botnet_clientwords,ip=201.230.86.203,rdns=
client-201.230.86.203.speedy.net.pe]
1.8 SUBJ_ALL_CAPS Subject is all capitals
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=201.230.86.203,hostname=client-201.230.86.203.speedy.net.pe
,maildomain=conflictosmineros.org.pe,baddns,client,ipinhostname,clientwords]
0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
[botnet_ipinhosntame,ip=201.230.86.203,rdns=
client-201.230.86.203.speedy.net.pe]
0.0 BOTNET_CLIENT Relay has a client-like hostname
[botnet_client,ip=201.230.86.203,hostname=
client-201.230.86.203.speedy.net.pe,ipinhostname,clientwords]
0.0 T_TVD_FW_GRAPHIC_ID1 BODY: T_TVD_FW_GRAPHIC_ID1
0.0 HTML_MESSAGE BODY: HTML included in message
1.6 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[201.230.86.203 listed in dnsbl.sorbs.net]
1.2 PART_CID_STOCK Has a spammy image attachment (by Content-ID)
0.0 PART_CID_STOCK_LESS Has a spammy image attachment (by Content-ID,
more specific)
1.1 MY_CID_ARIAL_STYLE SARE cid arial2 style
0.9 MY_CID_AND_CLOSING SARE cid and closing
0.7 MY_CID_AND_STYLE SARE cid and style
0.7 MY_CID_AND_ARIAL2 SARE CID and Arial2
1.2 MY_CID_ARIAL2_CLOSING SARE cid arial2 closing
0.7 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
On 9/13/07, Magnus Holmgren <holmgren@???> wrote:
>
> > On Thursday 13 September 2007 19:47, Alejandro Lengua wrote:
> > Most dynamic IPs from ADSL providers are in blacklists, therefore when
> they
> > send
> > emails from my email server, their emails are bounced even if my mail
> > server is not blacklisted.
> > Is there a way to make EXIM, not include the original IP of the sender?
>
> It might be helpful if you could provide a couple of examples of such
> emails.
> If your mail server seems credible and the recipients' mail servers are
> configured correctly, they should not refuse mail just because it
> originated
> at a dynamic IP address or even if the IP address is blacklisted as
> spamware-infected (e.g. Spamhaus PBL and XBL). Some blacklists, such as
> SBL,
> contain IP addresses directly controlled or owned by spammers, and in that
> case it makes more sense to block the mail. For example, SpamAssassin
> makes
> this distinction.
>
> I don't think it is advisable to delete tracking information from the
> header.
>
> - --
> Magnus Holmgren holmgren@???
> (No Cc of list mail needed, thanks)
> >
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>