spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: RE: Constant .info domain spam

RE: Constant .info domain spam

From: Karsten Bräckelmann <guenther_at_nospam>
Date: Wed Oct 13 2010 - 00:03:47 GMT

On Wed, 2010-10-13 at 12:28 +1300, Peter Lowish wrote:
> I confirm that on revisiting, RCVD_IN_* rules are implemented - thanks for your help


> -----Original Message-----
> From: Karsten Bräckelmann []
> Sent: Wednesday, 13 October 2010 11:41 a.m.
> To:
> Subject: Re: Constant .info domain spam
> On Wed, 2010-10-13 at 11:16 +1300, Peter Lowish wrote:
> > How are RCVD_IN_* rules implemented Karsten?
> They are generally DNS BL checks, some of which do (and are safe for)
> deep header parsing. Most of them are checked against the handing-over
> relay's IP only, though.
> Stuff removed
I did *not* write that. What I did write, however, was an explicit
request to not top-post.

Moreover, I clearly asked for *which* RCVD_IN_* rules hit, and an
estimate frequency number. Take a guess, if I have a reason for that.

Not all of the DNS BLs have a query threshold. Yes, it is possible to
get such hits, but still miss some of the most important ones. But hey,
you ignored and snipped my questions and the information how to fix it
(unless you are a seriously heavy load), so I only can assume it doesn't
apply to you.

*shrug* Well, if the above answers all your questions, glad to help.
Otherwise, I guess we need the information I asked for.

BTW, since you got my hint to strip the quote (although not limiting to
unnecessary parts) -- there's no need to send a copy directly. I do read
the list. I wouldn't have answered to your OP otherwise...

-- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}