!!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public
mirrors !!!!!!!!!!!! (tahini .. the cam.ac.uk network .. or part thereof)
W B Hacker wrote:
> Side issue - NOW we have a mystery - not sure if it is related - *attempting* to
> copy you directly.
>
Quite interesting. My server added the higher than average negative spam
score on my outbound (I think) so it looks like I'm leaking there ;) But
since it's less than 5, I'm not adding anything but that single header.
I received both of these emails and it looks like I didn't have anything
to do with the rejection of the bounced mail. Mailing list went nuts?
> My goal was to add spam demerits for that 'race' of MTA (above)
>
> CAVEAT: in my environment, and perhaps no other, it has always and only been
> used to send very obvious UCE or phish.
>
I've seen PowerMTA in a lot of spam that's trying to pass off as ok, but
it's also used by a few people in the travel industry so I can't be very
abusive towards.
> But .. on the way to the theatre, both my original post and your reply post were
> whacked with outrageous SA scores and shunted off to a quarantine folder.
>
> Headers appear to show THREE passes thru SA at various points, scores ranging
> from a high positive to a higher-then-average negative, and a third score in the
> middle.
>
> Given the rather innocent message content, it looks as if at least one of us is
> already filtering on that very string - the one naming the MTA.
>
> I don't see any other content that is out of the ordinary.
>
> Relevant headers from my post and your reply below.
>
>
On my post, I'm guessing mxa.outb is adding the -4.1, tahini is adding
the 1.4 and you're adding the 4.0. The first header is my MUA not an MTA
even though my rDNS is setup for a mail server. I got that setup and
then never moved my outbound host ;)
The weird this is the URIBL and URIBL_PH_SURBL hits ... what did I send
again??
X-Spam-Status: No, score=1.4 required=5.0 tests=AWL=-3.000, BAYES_00=-1.5,
FORGED_RCVD_HELO=0.135, URIBL_BLACK=3,
URIBL_PH_SURBL=2.8 autolearn=no version=3.1.8
!!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public
mirrors !!!!!!!!!!!!
I'm guessing that might explain the whack scores.
