The email below originated from a dynamic IP address, but was sent via a
normal relay. However, the origin IP address triggered some RBL checks
that I don't think it should have. Specifically, the RCVD_IN_DYNABLOCK
check. Note that 192.168.10.250 is a local (within the LAN) relay.

Also the email was sent from Outlook Express, so there is still a problem 
with SA's analysis of HTML that Outlook can create. 

Here is the SA report:
-----------------------------
Content analysis details:   (9.4 points, 7.0 required)
                                                                                
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 HTML_MESSAGE           BODY: HTML included in message
 2.0 RCVD_IN_DNSBL_AU       RBL: Received from IP address listed in SPEWS
                            [81.152.14.12 listed in t1.dnsbl.net.au]
[ Note, I've changed my config to use the "t3" list instead of the "t1" 
list ]

 3.5 RCVD_IN_NJABL_DIALUP   RBL: NJABL: dialup sender did non-local SMTP
                            [81.152.14.12 listed in dnsbl.njabl.org]
 2.6 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                            [81.152.14.12 listed in dnsbl.sorbs.net]
[above is the problem check, as the headers show, it was not directly 
received from 81.152.14.12]

 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [81.152.14.12 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
                            [81.152.14.12 listed in dnsbl.njabl.org]
 1.0 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
-----------------------------

Here are the headers of the original email that triggered the checks: 

---------- Forwarded message ----------
Return-Path: <deleted>
X-Original-To: <deleted>
Delivered-To: <deleted>
Received: from mail.paxonet.com (postoffice.coreel.com [192.168.10.250])
        by coremail.paxonet.com (Postfix) with ESMTP id 989285730C
        for <<deleted>>; Fri, 19 Dec 2003 16:02:35 -0800 (PST)
Received: from smtp1.us4.outblaze.com (205-158-62-78.outblaze.com
    [205.158.62.78])
        by mail.paxonet.com (Postfix) with SMTP id 86ED987432
        for <<deleted>>; Fri, 19 Dec 2003 16:02:35 -0800 (PST)
Received: (qmail 16891 invoked from network); 20 Dec 2003 00:02:34 -0000
Received: from unknown (HELO Arnold) (<deleted>:[EMAIL PROTECTED])
  by 205-158-62-78.outblaze.com with SMTP; 20 Dec 2003 00:02:34 -0000
Message-ID: <[EMAIL PROTECTED]>
Reply-To: "Arnold Matthews" <deleted>
From: "Arnold Matthews" <deleted>
To: "Ed Matthews" <deleted>,
        "Simon (work) Matthews" <deleted>
Subject: Noises
Date: Fri, 19 Dec 2003 23:38:47 -0000
MIME-Version: 1.0
X-Security: MIME headers sanitized on coremail
        See http://www.impsec.org/email-tools/sanitizer-intro.html
        for details. $Revision: 1.139 $Date: 2003-09-07 10:14:23-07 
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0007_01C3C689.3F78B3C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200

[Rest of the email is deleted]

Simon



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
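
The hop distinction raised in the message above, as an added example (not part of the original post and not SpamAssassin's own code): a "sent directly from dynamic IP" lookup is only meaningful for the host that connected to the site's border relay, not for earlier hops in the Received chain. The sample headers are constructed from the post's chain; the trusted range `192.168.10.0/24` and the use of 81.152.14.12 for the redacted origin hop are assumptions, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the post's Received chain. Assumption: the
# redacted origin hop carried 81.152.14.12, the address named in the SA report.
SAMPLE = """\
Received: from mail.paxonet.com (postoffice.coreel.com [192.168.10.250])
\tby coremail.paxonet.com (Postfix) with ESMTP id 989285730C
Received: from smtp1.us4.outblaze.com (205-158-62-78.outblaze.com
    [205.158.62.78])
\tby mail.paxonet.com (Postfix) with SMTP id 86ED987432
Received: (qmail 16891 invoked from network); 20 Dec 2003 00:02:34 -0000
Received: from unknown (HELO Arnold) ([81.152.14.12])
  by 205-158-62-78.outblaze.com with SMTP; 20 Dec 2003 00:02:34 -0000
"""

TRUSTED = [ipaddress.ip_network("192.168.10.0/24")]  # assumed LAN relay range
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def client_ips(raw_headers):
    """Return the connecting-client IP of each Received header, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # undo header folding
    ips = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = IP_RE.search(line.split(" by ", 1)[0])  # only the "from" clause
            if m:  # skip local handoffs such as the qmail line (no client IP)
                ips.append(ipaddress.ip_address(m.group(1)))
    return ips


def classify_hops(raw_headers, trusted=TRUSTED):
    """Label each hop 'internal', 'last-external' or 'earlier'."""
    hops, seen_external = [], False
    for ip in client_ips(raw_headers):
        if seen_external:
            role = "earlier"          # relayed before reaching our border
        elif any(ip in net for net in trusted):
            role = "internal"         # our own relay, never looked up
        else:
            role, seen_external = "last-external", True
        hops.append((str(ip), role))
    return hops


def dynamic_list_targets(raw_headers):
    """IPs for which a 'sent directly from dynamic IP' lookup is meaningful."""
    return [ip for ip, role in classify_hops(raw_headers) if role == "last-external"]
```

For this chain only 205.158.62.78 is returned as a dynamic-list target; 81.152.14.12 is classified as an earlier hop.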