spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Constant .info domain spam

Re: Constant .info domain spam

From: Karsten Bräckelmann <guenther_at_nospam>
Date: Tue Oct 12 2010 - 21:05:28 GMT
To: users@spamassassin.apache.org

On Tue, 2010-10-12 at 10:32 -1000, Julian Yap wrote:
> NOTE: I changed the domains below to 'dot info' as the mailing list
> rejected my initial submission.
>
> I'm pretty sure it's not just me but there is some constant spamming
> from dot info domains. Perhaps for the past 2 months or so.
>
> Often they send hundreds per day and consistently from the same IP's.
>
> Are people using automated IP blacklists or something like that?

Yes. SA even uses them by default.

What do your SA rules triggered look like? Check your identified spam.
Do you see RCVD_IN_* rules?

If not, you are having DNS problems, or deliberately disabled those
network checks.

-- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}