Re: [exim] Advice on a Regexp requested

Author: W B Hacker
Date:  
To: exim-users
Subject: Re: [exim] Advice on a Regexp requested
Ted Cooper wrote:
> !!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public
> mirrors !!!!!!!!!!!! (tahini .. the cam.ac.uk network .. or part thereof)
>
> W B Hacker wrote:
>> Side issue - NOW we have a mystery - not sure if it is related -
>> *attempting* to copy you directly.
>>
> Quite interesting. My server added the higher than average negative spam
> score on my outbound (I think) so it looks like I'm leaking there ;) But
> since it's less than 5, I'm not adding anything but that single header.
> I received both of these emails and it looks like I didn't have anything
> to do with the rejection of the bounced mail. Mailing list went nuts?
>> My goal was to add spam demerits for that 'race' of MTA (above)
>>
>> CAVEAT: in my environment, and perhaps no other, it has always and
>> only been used to send very obvious UCE or phish.
>>
> I've seen PowerMTA in a lot of spam that's trying to pass off as ok, but
> it's also used by a few people in the travel industry so I can't be very
> abusive towards.
>> But .. on the way to the theatre, both my original post and your reply
>> post were whacked with outrageous SA scores and shunted off to a
>> quarantine folder.
>>
>> Headers appear to show THREE passes thru SA at various points, scores
>> ranging from a high positive to a higher-than-average negative, and a
>> third score in the middle.
>>
>> Given the rather innocent message content, it looks as if at least one
>> of us is already filtering on that very string - the one naming the MTA.
>>
>> I don't see any other content that is out of the ordinary.
>>
>> Relevant headers from my post and your reply below.
>>
>>
> On my post, I'm guessing mxa.outb is adding the -4.1, tahini is adding
> the 1.4 and you're adding the 4.0. The first header is my MUA not an MTA
> even though my rDNS is set up for a mail server. I got that set up and
> then never moved my outbound host ;)
>
> The weird thing is the URIBL and URIBL_PH_SURBL hits ... what did I send
> again??
>
> X-Spam-Status: No, score=1.4 required=5.0 tests=AWL=-3.000, BAYES_00=-1.5,
>     FORGED_RCVD_HELO=0.135, URIBL_BLACK=3,
>     URIBL_PH_SURBL=2.8 autolearn=no version=3.1.8

>
>
> !!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public
> mirrors !!!!!!!!!!!!
>
> I'm guessing that might explain the whack scores.
>
>


Ted,

Thanks - that also explains something I had not taken the time to look at -
evidenced in several of my replies to posts showing up with 'Suspect:' stuffed
into the subject line - added by my filters on the OP trip from tahini to me.

As we would expect, tahini is one of the most expertly and 'pragmatically'
configured servers about - very good balance of filtering.

But from time to time I have had to give it special handling - one of the very few
I do not arbitrarily strip ALL X-headers from for example, as doing so messes up
threading.

Wonder if this URIBL issue is affecting anyone else?

Bill
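
An added example, not part of the original thread: a Python sketch that parses the X-Spam-Status value Ted quoted, checks that the per-test scores add up to the reported total, and shows how much of that total comes from the URIBL_* rules. The function names are hypothetical, and the header layout (per-test scores after `tests=`) is assumed to match the one quoted above.

```python
import re

# X-Spam-Status value as quoted in the thread, continuation lines included.
HEADER = (
    "No, score=1.4 required=5.0 tests=AWL=-3.000, BAYES_00=-1.5,\n"
    "    FORGED_RCVD_HELO=0.135, URIBL_BLACK=3,\n"
    "    URIBL_PH_SURBL=2.8 autolearn=no version=3.1.8"
)

STATUS_RE = re.compile(
    r"(Yes|No), score=(-?[\d.]+) required=(-?[\d.]+) tests=(.*?)(?: autolearn=|$)"
)

def parse_spam_status(value):
    """Return verdict, score, threshold and a {rule: score} map."""
    flat = " ".join(value.split())  # unfold the folded header lines
    m = STATUS_RE.match(flat)
    if not m:
        raise ValueError("unrecognised X-Spam-Status value")
    tests = {}
    for item in m.group(4).split(","):
        name, _, score = item.strip().partition("=")
        if name and name.lower() != "none":
            # Some templates list rule names without scores; keep them as None.
            tests[name] = float(score) if score else None
    return {"spam": m.group(1) == "Yes", "score": float(m.group(2)),
            "required": float(m.group(3)), "tests": tests}

def rule_total(tests, skip_prefix=None):
    """Sum rule scores, optionally leaving out rules with a given prefix."""
    return sum(s for n, s in tests.items()
               if s is not None and not (skip_prefix and n.startswith(skip_prefix)))

def explain(value, prefix="URIBL_"):
    """Show how much of the reported score is due to rules named prefix*."""
    p = parse_spam_status(value)
    total = rule_total(p["tests"])
    without = rule_total(p["tests"], prefix)
    return {
        # The reported score is rounded to one decimal place.
        "consistent": abs(total - p["score"]) < 0.1,
        "from_prefix": round(total - without, 3),
        "without_prefix": round(without, 3),
        "hits": sorted(n for n in p["tests"] if n.startswith(prefix)),
    }

if __name__ == "__main__":
    print(explain(HEADER))
```

On the quoted header the two URIBL rules account for 5.8 points, so the same message would have scored about -4.4 at that hop without them.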