Spam Filters Not Catching Repeating Offenders?

Mon, 30 Mar 2009 07:49:34 -0700 

I noticed I keep getting the same spam message delivered to a building
wide distribution via Postfix and I can't understand why the following
are not catching it every time?

Here is the message:

Return-Path: <teem...@iqnetsys.net>
X-Original-To: every...@....
Delivered-To: cwilli...@....
Received: by mail..... (Postfix)
        id B71C61FA4DA3; Mon, 30 Mar 2009 10:33:01 -0400 (EDT)
Delivered-To: every...@....
Received: from localhost (localhost [127.0.0.1])
        by mail..... (Postfix) with ESMTP id A94B31FA4DA0
        for <every...@....>; Mon, 30 Mar 2009 10:33:01 -0400 (EDT)
X-Virus-Scanned: GNU/Linux Amavisd-new at ....
X-Spam-Flag: YES
X-Spam-Score: 16.926
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.926 tagged_above=-5 required=4
        tests=[BAYES_50=0.001, DNS_FROM_RFC_BOGUSMX=1.482,
        HELO_DYNAMIC_IPADDR2=4.395, HELO_DYNAMIC_SPLIT_IP=3.493,
        RCVD_NUMERIC_HELO=2.067, RDNS_NONE=0.1, STOX_REPLY_TYPE=0.001,
        TVD_RCVD_IP=1.931, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501]

Now in my main.cf, I have the following:

smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unlisted_recipient,
        reject_unlisted_sender,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client safe.dnsbl.sorbs.net,
        reject_invalid_hostname,
        reject_non_fqdn_hostname

I don't know if I have this configured wrong but if the above is
correct, should zen.spamhaus.org not be catching this as it does
everything else?

Mar 30 10:45:46 mail postfix/smtpd[16825]: NOQUEUE: reject: RCPT from
unknown[189.71.167.149]: 554 5.7.1 Service unavailable; Client host
[189.71.167.149] blocked using zen.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=189.71.167.149;
from=<aleksash...@mail.ru> to=<w...@ideorlando.org> proto=ESMTP
helo=<[189.71.167.149]>

Mar 30 10:45:55 mail postfix/smtpd[15486]: NOQUEUE: reject: RCPT from
unknown[83.69.139.6]: 554 5.7.1 Service unavailable; Client host
[83.69.139.6] blocked using zen.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=83.69.139.6;
from=<kfnu...@blsarchitects.com> to=<bnor...@....> proto=ESMTP
helo=<[83.69.139.6]>

Reply via email to