Re: [exim] Advice on a Regexp requested

Author: Ted Cooper
Date:  
To: exim users
CC: W B Hacker
Subject: Re: [exim] Advice on a Regexp requested
!!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public
mirrors !!!!!!!!!!!! (tahini .. the cam.ac.uk network .. or part thereof)

W B Hacker wrote:
> Side issue - NOW we have a mystery - not sure if it is related - *attempting* to
> copy you directly.
>

Quite interesting. My server added the higher than average negative spam
score on my outbound (I think) so it looks like I'm leaking there ;) But
since it's less than 5, I'm not adding anything but that single header.
I received both of these emails and it looks like I didn't have anything
to do with the rejection of the bounced mail. Mailing list went nuts?

> My goal was to add spam demerits for that 'race' of MTA (above)
>
> CAVEAT: in my environment, and perhaps no other, it has always and only been
> used to send very obvious UCE or phish.
>

I've seen PowerMTA in a lot of spam that's trying to pass off as ok, but
it's also used by a few people in the travel industry so I can't be very
abusive towards.

> But .. on the way to the theatre, both my original post and your reply post were
> whacked with outrageous SA scores and shunted off to a quarantine folder.
>
> Headers appear to show THREE passes thru SA at various points, scores ranging
> from a high positive to a higher-than-average negative, and a third score in the
> middle.
>
> Given the rather innocent message content, it looks as if at least one of us is
> already filtering on that very string - the one naming the MTA.
>
> I don't see any other content that is out of the ordinary.
>
> Relevant headers from my post and your reply below.
>
>

On my post, I'm guessing mxa.outb is adding the -4.1, tahini is adding
the 1.4 and you're adding the 4.0. The first header is my MUA not an MTA
even though my rDNS is set up for a mail server. I got that set up and
then never moved my outbound host ;)

The weird thing is the URIBL and URIBL_PH_SURBL hits ... what did I send
again??

X-Spam-Status: No, score=1.4 required=5.0 tests=AWL=-3.000, BAYES_00=-1.5,
    FORGED_RCVD_HELO=0.135, URIBL_BLACK=3,
    URIBL_PH_SURBL=2.8 autolearn=no version=3.1.8



!!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public
mirrors !!!!!!!!!!!!

I'm guessing that might explain the whack scores.
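
To see how much of the 1.4 score the two URIBL rules account for, the following added example (not part of the original message) parses the X-Spam-Status header quoted above and recomputes the total with the URIBL_* rules left out. The function names are illustrative, and the parser assumes the per-test `NAME=score` format shown in that header.

```python
import re

# Header copied from the message above (folded across three lines).
HEADER = (
    "X-Spam-Status: No, score=1.4 required=5.0 tests=AWL=-3.000, BAYES_00=-1.5,\n"
    "    FORGED_RCVD_HELO=0.135, URIBL_BLACK=3,\n"
    "    URIBL_PH_SURBL=2.8 autolearn=no version=3.1.8\n"
)

NUM = r"(-?\d+(?:\.\d+)?)"


def parse_spam_status(header):
    """Return (reported_score, required, {rule: score}) for one header."""
    # Unfold continuation lines (newline followed by whitespace).
    text = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    head = re.search(r"score=" + NUM + r"\s+required=" + NUM, text)
    if head is None:
        raise ValueError("no score=/required= fields in header")
    tests = {}
    body = re.search(r"tests=(.*?)(?:\s+autolearn=|\s+version=|$)", text)
    if body:
        for item in body.group(1).split(","):
            name, sep, value = item.strip().partition("=")
            if sep:  # rules listed without a per-test score are skipped
                tests[name] = float(value)
    return float(head.group(1)), float(head.group(2)), tests


def score_without(tests, prefix="URIBL_"):
    """Return (sum of all rule scores, sum with `prefix` rules dropped)."""
    total = sum(tests.values())
    kept = sum(v for k, v in tests.items() if not k.startswith(prefix))
    return round(total, 3), round(kept, 3)


if __name__ == "__main__":
    reported, required, tests = parse_spam_status(HEADER)
    total, kept = score_without(tests)
    print(f"reported={reported} required={required}")
    print(f"sum of listed rules      : {total}")
    print(f"sum without URIBL_* rules: {kept}")
```

The five listed rules sum to 1.435, in line with the reported 1.4, and the two URIBL rules contribute 5.8 of that; without them the message would sit at -4.365.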