| Main Archive Page > Month Archives > spamassassin-users archives |
RE: Constant .info domain spam
From: Peter Lowish <peter_at_nospam>Date: Tue Oct 12 2010 - 22:16:41 GMT
To: 'Karsten Bräckelmann' <guenther@rudersport.de>, <users@spamassassin.apache.org>
How are RCVD_IN_* rules implemented Karsten?
I have similar spam being sent from such addresses as
bidwars.uyjqm@trgide.soldiersupplywell.net and I don’t see that rule in the
matching rules
Running mailwatch for mailscanner with spamassassin
Thanks
peter
-----Original Message-----
From: Karsten Bräckelmann [mailto:guenther@rudersport.de]
Sent: Wednesday, 13 October 2010 10:05 a.m.
To: users@spamassassin.apache.org
Subject: Re: Constant .info domain spam
On Tue, 2010-10-12 at 10:32 -1000, Julian Yap wrote:
> NOTE: I changed the domains below to 'dot info' as the mailing list
> rejected my initial submission.
>
> I'm pretty sure it's not just me but there is some constant spamming
> from dot info domains. Perhaps for the past 2 months or so.
>
> Often they send hundreds per day and consistently from the same IP's.
>
> Are people using automated IP blacklists or something like that?
Yes. SA even uses them by default.
What do your SA rules triggered look like? Check your identified spam.
Do you see RCVD_IN_* rules?
If not, you are having DNS problems, or deliberately disabled those
network checks.
-- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}