Re: [SAtalk] Rule for Juno/Netzero
tir, 2003-01-28 kl. 19:44 skrev Debbie D: > So I believe that a rule needs to be added that reduces the score on a legit > Juno mail.. Can someone help me out here?? Isn't that what whitelist_from/whitelist_from_rcvd is for? That's what I use it for, at any rate. Best, Tony -- Tony Earnshaw When all's said and done ... there's nothing left to say or do. e-post: [EMAIL PROTECTED] www:http://www.billy.demon.nl --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] whitelist with spamassassin ?
The problem here is that Microsoft is too lazy to set up DNS for the server delivering this mail. Until they do so, whitelist_from_rcvd will NOT work. As per the man page, the part of the Received header searched MUST be next to a bracketed IP address to prevent simple HELO spoofing. Received: from delivery.pens.microsoft.com ([207.46.248.65]) by mail.explainerdc.com (8.12.6/8.12.6) with ESMTP id h0SGVS6a018669 Note that 1) there is no such name delivery.pens.microsoft.com. Try doing a nslookup or dig delivery.pens.microsoft.com.. nada.. 2) the text delivery.pens.microsoft.com is not directly next to the IP address, thus the delivering server is 207.46.248.65 but has NO reverse DNS name at all. The whitelist_from_rcvd rule will only work if the received header looks like this (which would happen if MS got off their lazy butt and set up reverse and forward DNS entries properly): Received: from delivery.pens.microsoft.com (delivery.pens.microsoft.com [207.46.248.65]) by mail.explainerdc.com (8.12.6/8.12.6) with ESMTP id h0SGVS6a018669 Note in the second case there's a reverse DNS resolution for that mailserver, not just a HELO string. Heck, given that the presented HELO doesn't resolve, *and* the IP has *NO* reverse lookup at all, some mailservers won't even accept mail from them. (some mailservers require at least a PTR record, any PTR record, for the IP delivering mail, or the HELO string resolving with an A record matching the IP.) But then again, given how well Microsoft seems understand TCP/IP, SMTP and other well known RFC protocols, I'm not surprised by this behavior. I bet they call it a "security" feature. At least the IPwhois of 207.46.248.65 does indicate it's a Microsoft IP address :) NetRange: 207.46.0.0 - 207.46.255.255 CIDR: 207.46.0.0/16 NetName:MICROSOFT-GLOBAL-NET NetHandle: NET-207-46-0-0-1 Parent: NET-207-0-0-0-0 NetType:Direct Assignment At 06:23 PM 1/28/2003 +0100, Stephan van Hienen wrote: Hi, I can't find a good description on the whitelist option for spamassassin How can I whitelist all email from microsoft (newsletters) sended from microsoft servers ? I tried doing this : whitelist_from_rcvd *@microsoft.commicrosoft.com whitelist_from_rcvd *@*.microsoft.com microsoft.com But then the following email get marked as spam (not seen as whitelisted) -- Return-Path: <[EMAIL PROTECTED] om> Received: from delivery.pens.microsoft.com ([207.46.248.65]) by mail.explainerdc.com (8.12.6/8.12.6) with ESMTP id h0SGVS6a018669 for <[EMAIL PROTECTED]>; Tue, 28 Jan 2003 17:31:28 +0100 Received: from TK2MSFTDDSQ04 ([10.40.1.68]) by delivery.pens.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 28 Jan 2003 08:31:06 -0800 Reply-To: <[EMAIL PROTECTED] om> From: "Microsoft" <[EMAIL PROTECTED] om> To: <[EMAIL PROTECTED]> -- Before I make a lot whitelist_from_rvcd lines, what exactly do I need to put there ? (as microsoft likes to send from different mailservers) --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld http://www.vasoftware.com ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Missing Spam-Level tags
I keep getting headers like this: X-Spam-Status has a write-up on the hits... X-Spam-Level is always present, but empty. Now, I do not have anything in my directories which is currently recorded as Spam (hits >= 5.0). Is it "OK" that the X-Spam-Level shows nothing until (I assume here) there is a score of at least 5.0 where it will present itself a nice set of '*'... -- Nietzsche is pietzsche, but Schiller is killer, and Goethe is moethe. --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Rule for Juno/Netzero
This is one of a few rules (along with the HTML only rule) that shouldn't truely be in SpamAssassin. IMHO SpamAssassins rule should be oriented to things ALWAYS found in spam, or should have exceptions to compensate. As for this issue Forged_Juno_Rcvd shouldn't be so high, or should be counteracted if a signature from Juno is also found in the email. Debbie D wrote: My step son just signed up for Juno and all his mails are coming in marked as spam with a slew of rules broken: X-Spam-Status: Yes, hits=7.9 required=6.0 tests=FORGED_JUNO_RCVD,FORGED_RCVD_FOUND,FORGED_RCVD_TRAIL, FROM_ENDS_IN_NUMS,NO_REAL_NAME,ONLY_COST,SPAM_PHRASE_00_01, SUBJ_MISSING In looking at the full headers I see the FORGED_RCVD_TRAIL and FORGED_JUNO_RCVD are a result of the fact Netzero evidently owns Juno and the mail is coming off netzero servers.. Now add in the Juno footer in the mail, the fact the kid neglected to type a subject and I will not even share the nonsense he typed as the body in this test mail I also signed up for a free Juno account so I could help him work the webmail there.. and today I received a mail from their support team reminding me that if I wanted to jump to the Premium version it costs.. and please click here.. This mail was also marked as spam. The headers in both mails are different as one was a web based email the other coming from the offices.. So I believe that a rule needs to be added that reduces the score on a legit Juno mail.. Can someone help me out here?? Here are the headers from the 2 mails: Thanks.. Debbie web mail (scored 7.9): Return-Path: <[EMAIL PROTECTED]> Received: from webmail1.wlv.untd.com (outbound-16.wlv.untd.com [64.136.16.100]) by www.wwwebserv.com (8.10.2/8.10.2) with SMTP id h0RHkrR25452 for <[EMAIL PROTECTED]>; Mon, 27 Jan 2003 12:46:53 -0500 Received: from cookie.juno.com by cookie.juno.com for <"2lfT/unMyoj0mPaXqnFzIVJXEEy8pjV0rAuEdf3WhnTAmM+rt/Mim58nzesdqWzn"> Received: (from [EMAIL PROTECTED]) by webmail1.wlv.untd.com (jqueuemail) id HPJ25UHC; Mon, 27 Jan 2003 09:48:36 PST X-Original-From: [EMAIL PROTECTED] Date: Mon, 27 Jan 2003 17:47:48 GMT To: [EMAIL PROTECTED] Cc: Subject: *SPAM* X-Mailer: Juno Webmail Version 1.0 Received: from [137.123.201.141] by webmail1.wlv.untd.com X-Originating-IP: [137.123.201.141] From: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> == from Juno support (scored 9.9) Return-Path: <[EMAIL PROTECTED]> Received: from nc1.wlv.netzero.net (nc1.wlv.netzero.net [209.247.163.78]) by www.wwwebserv.com (8.10.2/8.10.2) with SMTP id h0SHGKR09115 for <[EMAIL PROTECTED]>; Tue, 28 Jan 2003 12:16:20 -0500 Received: (qmail 91023 invoked by uid 0); 28 Jan 2003 17:04:59 - Date: 28 Jan 2003 17:04:59 - Message-ID: <[EMAIL PROTECTED]> From: Juno Member Services <[EMAIL PROTECTED]> Reply-To: Juno <[EMAIL PROTECTED]> Errors-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- Robert J. Accettura [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
