tba...@txbweb.de wrote on 2019-08-24 20:27:
Hello,
I would like to block mails from ip addresses that can't be found.
There is a tricky spam series getting a low score. Currently I can
block the mails just by scoring the tld.
I use the RelayCountry Plugin, but it doesn't work if the ip address is
not available.
header RELAYCOUNTRY_BAD X-Relay-Countries =~ /(List of country codes)/
describe RELAYCOUNTRY_BAD Relayed through spam country at some point
score RELAYCOUNTRY_BAD 3.5

correct rule, but geoip is not working in your install

Here is some info from an example header
X-Spam-Status: Yes, score=11.891 tag=2 tag2=6.31 kill=6.31
tests=[AM.WBL=7,
BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1,
DKIM_VALID_EF=-0.1, FROMSPACE=0.001, FROM_SUSPICIOUS_NTLD=0.5,
FSL_BULK_SIG=1.596, HTML_MESSAGE=0.001, PYZOR_CHECK=1.392,
RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mail;
d=strapdebut.pro;
h=From:Date:MIME-Version:Subject:To:Message-ID:Content-Type;
i=nonse...@strapdebut.pro;
bh=p2qRX9+f0yHDj3jqqnVU4hoNG58=;
b=MmuxhWP6r2xfmasBMUUXqDc0ai2/zlR9ZgmBZPvsbo3fgl6m4dBkmpVvVqZo2DMgiee7I6Msp07c
3xIc7SbGGs9QOFGZYkaQpYpY56zW8AqjIWQvbC6D6jVq43P/7yF6nwrI7GrHTKgeL6/SAtzCUpf2
HOR8Zr3N45GuMa5iHdc=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mail;
d=strapdebut.pro;
b=UH6pdk+pAUj1o9TF7Z0RySxRb7AFJUL4yori8RZ99Wd4nxABrPXndv88xSVu2rfBPTlQO/8KbdP4
O2fJMJeSMRS+4Q7IFkjbMSkwYi+wGXZkcU10diEVt24i7bQf9l1zRNMQ9zV7GlAs4XeqAjEqGvV1
SmcUvgGYccNp65I07nQ=;
From: " Carol Yates" <nonse...@strapdebut.pro>
Date: Sat, 24 Aug 2019 12:48:11 -0500
MIME-Version: 1.0
Subject: ACs are going to be extinct after this discovery

if the dkim signed domain is the spamming domain, you could then make
a header test for this as well

Aug 24 19:54:38 mx2 amavis[3405]: (03405-11) Blocked SPAM
{RejectedOpenRelay,Quarantined}, [45.141.151.5]:2812 [45.141.151.5]
<nonse...@strapdebut.pro> -> <user@domain>, quarantine:
N/spam-NHIkGYse9Osv.gz, Message-ID:
<aegv4bk4h7smgwcq-ywdx3qgmoinnudsw-mbj1q4rq4.zz_c59zjjs9vofj7gws...@strapdebut.pro>,
mail_id: NHIkGYse9Osv, Hits: 11.891, size: 9352, 2697 ms

amavisd is missing your wan ips, so it thinks you are an open relay, so
the policy bank is incorrectly selected

# geoiplookup 45.141.151.5
GeoIP Country Edition: IP Address not found
GeoIP City Edition, Rev 1: IP u not found
GeoIP ASNum Edition: IP Address not found

make sure geoip is installed correctly

None of the mails is listed at hostkarma.junkemailfilter.com. I also
use junkemailfilter to score spam.
unmaintained now
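
Added example, not part of the original messages: a small Python parser for the amavisd-style X-Spam-Status header quoted above, which recomputes the total with tests removed or added so you can see whether a proposed rule score (here the 3.5 from RELAYCOUNTRY_BAD) would cross the kill level on its own. The function names are hypothetical, and treating AM.WBL as the local sender-based boost is an assumption.

```python
import re

# Constructed sample: the X-Spam-Status header quoted in the thread, unfolded.
SAMPLE = (
    "Yes, score=11.891 tag=2 tag2=6.31 kill=6.31 tests=[AM.WBL=7, "
    "BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, "
    "DKIM_VALID_EF=-0.1, FROMSPACE=0.001, FROM_SUSPICIOUS_NTLD=0.5, "
    "FSL_BULK_SIG=1.596, HTML_MESSAGE=0.001, PYZOR_CHECK=1.392, "
    "RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, "
    "T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no"
)


def parse_spam_status(value):
    """Return (levels, tests) from an amavisd-style X-Spam-Status value."""
    value = " ".join(value.split())  # undo header folding
    m = re.search(r"tests=\[(.*?)\]", value)
    if not m:
        raise ValueError("no tests=[...] list found")
    tests = {}
    for item in filter(None, (s.strip() for s in m.group(1).split(","))):
        # Split on the last '=' so rule names containing '.' or '_' survive.
        name, _, score = item.rpartition("=")
        tests[name] = float(score)
    # score/tag/tag2/kill appear before the tests list.
    levels = {
        k: float(v)
        for k, v in re.findall(r"\b(score|tag2?|kill)=(-?[\d.]+)", value[: m.start()])
    }
    return levels, tests


def what_if(value, drop=(), add=None):
    """Recompute the total with some tests dropped and/or added.

    Returns (total, would_be_blocked) where blocked means total >= kill.
    """
    levels, tests = parse_spam_status(value)
    kept = {n: s for n, s in tests.items() if n not in drop}
    kept.update(add or {})
    total = round(sum(kept.values()), 3)
    return total, total >= levels["kill"]


if __name__ == "__main__":
    print("as received:        ", what_if(SAMPLE))
    # Assumption: AM.WBL is the local sender-based boost; remove it to see
    # what the stock rules alone would have scored.
    print("without AM.WBL:     ", what_if(SAMPLE, drop={"AM.WBL"}))
    print("plus country rule:  ",
          what_if(SAMPLE, drop={"AM.WBL"}, add={"RELAYCOUNTRY_BAD": 3.5}))
```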