Hi all Yesterday our mail server received unwanted email from simpliv.com. It was valid DKIM signed for mail.simpliv.com Despite the sender ip was listed at Sorbs the email even passed the bayesian filter:
Surprisingly the ip/domain is part of a SA shipped white list: Rule USER_IN_DEF_SPF_WL gave it -7.5! simpliv.com sent the spam to an email address which was used solely for registering an account with slack.com. It seems that simpliv.com bought/stole/harvested email addresses in shady ways and uses the email database as spam to advertise its courses. /var/lib/spamassassin/3.004002/updates_spamassassin_org/60_whitelist_auth.cf where the simpliv.com is added says: "These senders should be considered trusted following proper opt-in and opt-out practices,..." There was no proper opt-in, even Sorbs list them now, probably because they hit a honey pot, hence I request simpliv.com to be removed from this white list. Otherwise having spammers in this SA shipped white list makes the list useless. Any idea how to proceed? Thank you very much Jan Dev -- Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html
