You can see that 69.244.154.112 is listed in dnsbl.sorbs.net. Not sure which MTA you are using but an rbl check might have found this and rejected it at the MTA.

I run rbl checks using sendmail 8.13.3 and reject nearly 50% of mail based on a combination of rbl checks and a fairly large access.db (Thank you Theo!)

Do you have an AV scanner running?  If not, it helps as well...

$ spam-stats
SpamAssassin Results for:
Mon Jun 13 13:42:55 PDT 2005
spam: 166 / clean: 440 / skipped: 0
total: 606
processed: 606
=========================================
RBL rejects:
spamcop: 62
maps rbl+: 228
njabl.org: 13
spamhaus: 27
**Rejected due to pre-greeting traffic: 42
**Virus trapped: 15
Total rejected by access.db: 450

Ed Kasky
~~~~~~~~~
Randomly Generated Quote (322 of 477):
I'd enjoy the day more if it started later.


At 10:33 AM Monday, 6/13/2005, Jim Schueler wrote -=>
My users have been getting particularly insidious emails containing a
windows virus that purports to come from the system administrator.

One email header contains the following entry:

Received: from motorcityinteractive.com
(pcp09017048pcs.watrfd01.mi.comcast.net [69.244.154.112])
        by mail.tqis.com (8.11.6/8.11.6) with ESMTP id j5AMQTR17538
        for <[EMAIL PROTECTED]>; Fri, 10 Jun 2005 18:26:29 -0400

The host name in this line (motorcityinteractive) is obviously forged, but
not detected by SpamAssassin.  Here is SpamAssassin's report on the email:

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 NO_REAL_NAME           From: does not include a real name
 1.7 MSGID_FROM_MTA_ID      Message-Id for external message added locally
 0.2 HTML_20_30             BODY: Message is 20% to 30% HTML
 0.2 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [69.244.154.112 listed in dnsbl.sorbs.net]
 0.0 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
 1.1 PRIORITY_NO_NAME       Message has priority, but no X-Mailer/User-Agent

I would expect this test would be part of the distributed SpamAssassin
configuration files.  Can anybody recommend an approach other than
reinventing the wheel?

 -Jim
------- End of Forwarded Message -------


--
Open WebMail Project (http://openwebmail.org)

