Re: low score on very spammy email

Tue, 10 Apr 2018 15:14:14 -0700 

On 04/10/2018 05:04 PM, Leandro wrote:
2018-04-10 18:52 GMT-03:00 David Jones <djo...@ena.com <mailto:djo...@ena.com>>: 

    On 04/10/2018 04:47 PM, Leandro wrote:

        2018-04-10 17:49 GMT-03:00 Motty Cruz <motty.c...@gmail.com
        <mailto:motty.c...@gmail.com> <mailto:motty.c...@gmail.com
        <mailto:motty.c...@gmail.com>>>:

             I apologize here is the email headers and body

        https://pastebin.com/bgXrfKaQ



        You should not take this domain mrface.com <http://mrface.com>
        <http://mrface.com> seriously because it is a TLD used for free
        dynamic IP service (changeip.com <http://changeip.com>
        <http://changeip.com>).

        There is even a fake Windows Update domain in this TLD:

        ubuntu@matrix:~$ dig +short A windowsupdate.mrface.com
        <http://windowsupdate.mrface.com>
        <http://windowsupdate.mrface.com <http://windowsupdate.mrface.com>>
        185.133.40.63




             Thanks,



    I noticed it was listed on the DBL dnsbl.spfbl.net
    <http://dnsbl.spfbl.net> and was just working to add that to my
    local rules.  Anyone know how to set this DBL up in SA?  I am trying
    to find an example in the stock SA rules now...



Yes. We list any IP using any free dynamic TLD.

A legit mail server never uses crap, or shouldn't use.

Documentation to set this DNSBL at SA:

https://spfbl.net/en/dnsbl/



    -- 
    David Jones





I found an example in KAM.cf:

[root@server spamassassin]# pwd
/etc/mail/spamassassin
[root@server spamassassin]# cat 99_spfbl.cf
ifplugin Mail::SpamAssassin::Plugin::DNSEval

header          __RCVD_IN_SPFBL eval:check_rbl('spfbl', 'dnsbl.spfbl.net')
tflags          __RCVD_IN_SPFBL net

header          __RCVD_IN_SPFBL_3       eval:check_rbl_sub('spfbl', '127.0.0.3')
meta            RCVD_IN_SPFBL   __RCVD_IN_SPFBL_3 && !RCVD_IN_SPFBL_LASTEXT
describe        RCVD_IN_SPFBL   Received is listed in SPFBL.net RBL
score           RCVD_IN_SPFBL   1.2
tflags          RCVD_IN_SPFBL   net


header		RCVD_IN_SPFBL_LASTEXT	eval:check_rbl('spfbl-lastexternal', 
'dnsbl.spfbl.net')

describe        RCVD_IN_SPFBL_LASTEXT   Last external is listed in SPFBL.net RBL
score           RCVD_IN_SPFBL_LASTEXT   2.2
tflags          RCVD_IN_SPFBL_LASTEXT   net

endif

ifplugin Mail::SpamAssassin::Plugin::AskDNS

askdns          SENDER_IN_SPFBL _SENDERDOMAIN_.dnsbl.spfbl.net A 
/^127\.0\.0\.3$/
tflags          SENDER_IN_SPFBL nice net
describe        SENDER_IN_SPFBL Sending domain listed in SPFBL.net DBL
score           SENDER_IN_SPFBL 2.2

endif

--
David Jones


























					Reply via email to