|Main Archive Page > Month Archives > spamassassin-users archives|
2010/10/12 Karsten Bräckelmann <firstname.lastname@example.org>:
> On Tue, 2010-10-12 at 10:32 -1000, Julian Yap wrote:
>> NOTE: I changed the domains below to 'dot info' as the mailing list
>> rejected my initial submission.
>> I'm pretty sure it's not just me but there is some constant spamming
>> from dot info domains. Perhaps for the past 2 months or so.
>> Often they send hundreds per day and consistently from the same IP's.
>> Are people using automated IP blacklists or something like that?
> Yes. SA even uses them by default.
> What do your SA rules triggered look like? Check your identified spam.
> Do you see RCVD_IN_* rules?
> If not, you are having DNS problems, or deliberately disabled those
> network checks.
Many of the don't trigger the RCVD_IN_* rules. Does anyone implement
their own private DNS black list?
Here's a latest one:
From: "Juice Up My Income" <Art@parkrasive dot info>
Subject: Sometimes timing is everything
Date Received: Oct 12, 2010 13:43 PM
7.9 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000]
1.2 HOST_EQ_STATIC HOST_EQ_STATIC
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
1.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.5 MY_OBFUX RAW: X with unusual chars
0.3 MY_OBFU_MISC RAW: Misc unusual chars together
0.3 HOST_MISMATCH_COM HOST_MISMATCH_COM
0.3 MIME_8BIT_HEADER Message header contains 8-bit character
1.4 HELO_MISMATCH_INFO HELO_MISMATCH_INFO
0.0 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
0.0 T_REMOTE_IMAGE Message contains an external image