Carlos Williams wrote:

On Mon, Mar 30, 2009 at 3:01 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:

Can you post the full unaltered headers of the message? Change the username
part of mail addresses to protect privacy.

Noel,
I am guessing I just post the headers from the message as I see it
with the exception of the username for privacy, correct?

Return-Path: <teem...@iqnetsys.net>
X-Original-To: every...@ideorlando.org
Delivered-To: use...@ideorlando.org
Received: by mail.ideorlando.org (Postfix)
    id B71C61FA4DA3; Mon, 30 Mar 2009 10:33:01 -0400 (EDT)
Delivered-To: every...@ideorlando.org
Received: from localhost (localhost [127.0.0.1])
    by mail.ideorlando.org (Postfix) with ESMTP id A94B31FA4DA0
    for <every...@ideorlando.org>; Mon, 30 Mar 2009 10:33:01 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at ideorlando.org
X-Spam-Flag: YES
X-Spam-Score: 16.926
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.926 tagged_above=-5 required=4
    tests=[BAYES_50=0.001, DNS_FROM_RFC_BOGUSMX=1.482,
    HELO_DYNAMIC_IPADDR2=4.395, HELO_DYNAMIC_SPLIT_IP=3.493,
    RCVD_NUMERIC_HELO=2.067, RDNS_NONE=0.1, STOX_REPLY_TYPE=0.001,
    TVD_RCVD_IP=1.931, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501]
Received: from mail.ideorlando.org ([127.0.0.1])
    by localhost (mail.ideorlando.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id x9wUuMu35-4A for <every...@ideorlando.org>;
    Mon, 30 Mar 2009 10:32:53 -0400 (EDT)
Received: from 59.165.5.205.man-static.vsnl.net.in (unknown [59.165.5.205])
    by mail.ideorlando.org (Postfix) with ESMTP id 910AA1FA4D9E
    for <every...@ideorlando.org>; Mon, 30 Mar 2009 10:32:52 -0400 (EDT)

Excellent. Received: headers are read bottom-up, so this
message was first received by your system from [59.165.5.205].
This client is currently listed in both zen and spamcop.
Your configuration appears correct, so the easy assumption is
it wasn't listed when you received it.

What you can do:

- implement greylisting to delay connections from "new"
  client/sender/recipient combinations. This is not without
  problems; legit mail is delayed too. Some are listed here:
  http://www.postfix.org/addon.html#policy
  and many milters can do this too. The object of greylisting
  is to allow RBLs time to catch up with new spam sources.

- This particular message scored 16+ in your SpamAssassin.
  You could set your amavisd-new to discard spam scoring above
  some level to get rid of high scoring spam.

- some people reject generic-looking HELO names such as this
  client used, "59.165.5.205.man-static.vsnl.net.in". A pcre
  type check_helo_access map with an entry like
    /(\d+[.-]){4}[^.]+\.[^.]/ REJECT generic rDNS helo command
  would do the trick. Note this can reject legit mail.
  See the archives for more implementation examples.

-- Noel Jones
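
Added example, not part of the original thread: Python that reads the Received chain posted above, finds the hop where the message entered mail.ideorlando.org, builds the name a DNSBL lookup for that client would query, and tests the suggested HELO pattern. The function names and the hostnames mail.example.org and 10-1-2-3.mx.example.net are constructed for the example; zen.spamhaus.org is assumed to be the zone behind the "zen" list mentioned above.

```python
import ipaddress
import re
from email import message_from_string

# Received chain from the message above, abridged: dates and the
# "for <...>" clauses (truncated on the page) are dropped.
RAW = """\
Received: by mail.ideorlando.org (Postfix)
    id B71C61FA4DA3
Received: from localhost (localhost [127.0.0.1])
    by mail.ideorlando.org (Postfix) with ESMTP id A94B31FA4DA0
Received: from mail.ideorlando.org ([127.0.0.1])
    by localhost (mail.ideorlando.org [127.0.0.1]) (amavisd-new, port 10024)
Received: from 59.165.5.205.man-static.vsnl.net.in (unknown [59.165.5.205])
    by mail.ideorlando.org (Postfix) with ESMTP id 910AA1FA4D9E

"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)")
# The check_helo_access pattern quoted above; Postfix pcre maps are unanchored.
GENERIC_HELO = re.compile(r"(\d+[.-]){4}[^.]+\.[^.]")

def first_external_hop(raw, our_host):
    # Walk top-down and stop at the first header our own MTA stamped for a
    # non-local client. On this message that is the bottom header; anything
    # below that point would be sender-supplied and is not trusted.
    by_us = re.compile(r"\bby\s+" + re.escape(our_host) + r"\b")
    for hdr in message_from_string(raw).get_all("Received", []):
        m = HOP.search(hdr)
        if not m or not by_us.search(hdr):
            continue
        ip = ipaddress.ip_address(m.group(3))
        if not (ip.is_loopback or ip.is_private):
            return m.group(1), m.group(2), str(ip)  # (helo, rdns, ip)
    return None

def dnsbl_name(ip, zone):
    # DNSBL query name: IPv4 octets reversed, then the list's zone.
    return ".".join(reversed(ip.split("."))) + "." + zone

def helo_is_generic(helo):
    return GENERIC_HELO.search(helo) is not None

if __name__ == "__main__":
    helo, rdns, ip = first_external_hop(RAW, "mail.ideorlando.org")
    print(helo, rdns, ip, dnsbl_name(ip, "zen.spamhaus.org"))
    for name in (helo, "mail.example.org", "10-1-2-3.mx.example.net"):
        print(name, helo_is_generic(name))
```

The third test name shows the caveat in the reply: a hostname that merely starts with four numeric labels matches the pattern even if it belongs to a legitimate mail server.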