Romance spam

2013-02-21 Thread Kenneth Porter
I'm noticing the following header in recent "romance" spam that looks like it might be an easy pattern to match. It's an unsubscribe link with a mailto link with a hex digit username of up to 20 digits. This is from a grep of my Uncaught folder. List-Unsubscribe:

Re: Masscheck question

2013-02-21 Thread John Hardin
On Thu, 21 Feb 2013, Marc Perkel wrote: I've been running mass checking for about a week getting the process fine tuned. I notice however that I never get a negative score. Lowest score is 0. Am I missing something? The distributed part of masscheck only collects rule hit data. The scores ar

Re: rdns in received header

2013-02-21 Thread Kevin A. McGrail
On 2/21/2013 4:36 PM, David F. Skoll wrote: On Thu, 21 Feb 2013 16:26:46 -0500 "Kevin A. McGrail" wrote: But I do believe it's generally accepted that one of the primary original uses for rDNS was for received headers in SMTP. I don't think anything requires it. Someone on this list will kno

Re: rdns in received header

2013-02-21 Thread David F. Skoll
On Thu, 21 Feb 2013 16:26:46 -0500 "Kevin A. McGrail" wrote: > But I do believe it's generally accepted that one of the primary > original uses for rDNS was for received headers in SMTP. I don't > think anything requires it. Someone on this list will know for sure. My reading of RFC 5321 is t

Re: rdns in received header

2013-02-21 Thread Kevin A. McGrail
On 2/21/2013 2:51 PM, Jeff Mincy wrote: From: "Kevin A. McGrail" Date: Thu, 21 Feb 2013 11:07:20 -0500 On 2/21/2013 10:36 AM, Matus UHLAR - fantomas wrote: > And how is this ISP's issue related to RFCs? The RFC does not mention > word > "trusted" A fair point th

Re: rdns in received header

2013-02-21 Thread Jeff Mincy
From: Matus UHLAR - fantomas Date: Thu, 21 Feb 2013 16:36:18 +0100 >On 2/21/2013 9:03 AM, Jeff Mincy wrote: >>Well, I trust the network not to lie. This is more of an omission On 21.02.13 10:26, Kevin A. McGrail wrote: >Your Clinton-esque logic likely doesn't apply h

Masscheck question

2013-02-21 Thread Marc Perkel
Hi, I've been running mass checking for about a week getting the process fine tuned. I notice however that I never get a negative score. Lowest score is 0. Am I missing something? Thanks in advance -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk

Re: rdns in received header

2013-02-21 Thread Jeff Mincy
From: "Kevin A. McGrail" Date: Thu, 21 Feb 2013 11:07:20 -0500 On 2/21/2013 10:36 AM, Matus UHLAR - fantomas wrote: > And how is this ISP's issue related to RFCs? The RFC does not mention > word > "trusted" A fair point that I didn't explain clearly enough. The RFC

Re: rdns in received header

2013-02-21 Thread Kevin A. McGrail
On 2/21/2013 10:36 AM, Matus UHLAR - fantomas wrote: And how is this ISP's issue related to RFCs? The RFC does not mention word "trusted" A fair point that I didn't explain clearly enough. The RFCs cover received headers for SMTP

Re: rdns in received header

2013-02-21 Thread Matus UHLAR - fantomas
On 2/21/2013 9:03 AM, Jeff Mincy wrote: Well, I trust the network not to lie. This is more of an omission On 21.02.13 10:26, Kevin A. McGrail wrote: Your Clinton-esque logic likely doesn't apply here ;-). The land of RFC's works to avoid this type of logic in a language I call RFC-eeze.

[Somewhat OT] Procmail replacement (was Re: rdns in received header)

2013-02-21 Thread David F. Skoll
On Thu, 21 Feb 2013 10:26:32 -0500 "Kevin A. McGrail" wrote: > Frightening indeed. Procmail still gives me nightmares. Yes. I replaced Procmail with Mail::Audit: http://search.cpan.org/~rjbs/Mail-Audit-2.227/lib/Mail/Audit.pm and now my local delivery agent filter is much easier to configure

Re: rdns in received header

2013-02-21 Thread Matus UHLAR - fantomas
On 20.02.13 20:51, Jeff Mincy wrote: My local ISP (rcn.com) reconfigured their email servers. The 69.168.97.77 hop does not seem to be doing rdns lookups on the previous hop. For example, I get these two received headers at the trust boundary: ... Received: from mx.rcn.com ([69.168.97.

Re: rdns in received header

2013-02-21 Thread Kevin A. McGrail
On 2/21/2013 9:03 AM, Jeff Mincy wrote: Well, I trust the network not to lie. This is more of an omission Your Clinton-esque logic likely doesn't apply here ;-). The land of RFC's works to avoid this type of logic in a language I call RFC-eeze. See http://www.ietf.org/rfc/rfc2119.txt whi

Re: rdns in received header

2013-02-21 Thread Jeff Mincy
From: "Kevin A. McGrail" Date: Thu, 21 Feb 2013 08:46:40 -0500 On 2/20/2013 8:51 PM, Jeff Mincy wrote: > ... > > This leads to various bad things (RDNS_NONE & broken WHITELIST_FROM_RCVD) > > Is there anything in SpamAssassin that can deal more elegantly with > this p

Re: rdns in received header

2013-02-21 Thread Kevin A. McGrail
On 2/20/2013 8:51 PM, Jeff Mincy wrote: ... This leads to various bad things (RDNS_NONE & broken WHITELIST_FROM_RCVD) Is there anything in SpamAssassin that can deal more elegantly with this particular problem? Perhaps Some sort of please_fill_in_rcvd_rdns type option? Off the cuff, the point