On Wed, 2009-06-17 at 18:02 +0300, Ibrahim Harrani wrote: > http://pastebin.com/m6a027715 See if you can spot the keys; 1. Received: from unknown #if you don't know who you are goodbye. 2 (HELO xxxx.user.xxxxx) #mail servers don't tend to HELO/EHLO with 'user' 'dsl' 'ppp' as a rule. 3.(62.57.252.74) 62.57.252.74 listed in b.barracudacentral.org. 62.57.252.74 listed in XBL NJABL 62.57.252.74 listed in PBL (SPAMHAUS) 62.57.252.74 listed in dul.dnsbl.sorbs.net 62.57.252.74 listed in cbl.abuseat.org. 62.57.252.74 listed in no-more-funn.moensted.dk. 62.57.252.74 listed in ix.dnsbl.manitu.net. 2. Subject: Christian sex - What Are Goood Christian sex Pradctices? #funny that attempts to mis-spell the wrong keywords here. sex x 2 would be good enough for me, but that's with hindsight.
> http://pastebin.com/d2c94dba0 1 Received: from unknown #again if you don't know who you are.... 2. telecomitalia.it #do you ever get *anything* legitimate from them? 3. 82.49.96.239 listed in PBL (ISP) 82.49.96.239 listed in dul.dnsbl.sorbs.net 82.49.96.239 listed in no-more-funn.moensted.dk. 4. PTR RECORD ADVERTISING DYNAMIC HOST: host239-96-dynamic.49-82-r.retail.telecomitalia.it. HENCE: listed in PBL 5. Subject: How too Introduce Men to Your GG Spot Location #useful keys but careful ones. Not so interested in the carnage that could be 'how to. location', but 'G Spot' would be easy to pick out. Again, useful hindsight. > http://pastebin.com/m21c9df0 Skipping the unknowns (no more need for comedy effect) 86.110.151.117 listed in b.barracudacentral.org. 86.110.151.117 listed in XBL NJABL 86.110.151.117 listed in cbl.abuseat.org. 86.110.151.117 listed in no-more-funn.moensted.dk. 86.110.151.117 listed in ix.dnsbl.manitu.net. No PTR record. > http://pastebin.com/m775253b7 Again unknown, again that same old ISP spam machine 88.52.177.53 listed in b.barracudacentral.org. 88.52.177.53 listed in XBL NJABL 88.52.177.53 listed in cbl.abuseat.org. 88.52.177.53 listed in bl.spamcop.net. 88.52.177.53 listed in ix.dnsbl.manitu.net. This one reports static in PTR: host53-177-static.52-88-b.business.telecomitalia.it but 'unknown' would have already had me drop it. My view, if you can't set your server up properly with correct DNS and are not monitoring your logs for 5xx errors, I don't really need your mail. > http://pastebin.com/d2c94dba0 Again unknown, again that same old ISP spam machine 82.49.96.239 listed in PBL (ISP) 82.49.96.239 listed in dul.dnsbl.sorbs.net 82.49.96.239 listed in no-more-funn.moensted.dk. Subject with G Spot PTR again dynamic (confirms PBL) host239-96-dynamic.49-82-r.retail.telecomitalia.it > http://pastebin.com/m21c9df0 Again unknown 86.110.151.117 listed in b.barracudacentral.org. 86.110.151.117 listed in XBL NJABL 86.110.151.117 listed in cbl.abuseat.org. 86.110.151.117 listed in no-more-funn.moensted.dk. 86.110.151.117 listed in ix.dnsbl.manitu.net. No PTR > http://pastebin.com/m775253b7 already posted above - 3 back. > Let me know if these are not enough. > > Thanks. > Again, this could have all been easily blocked ahead wasting the time of Spamassassin. The tools and keys are already there, they just need to be configured correctly. Even if they got as far as a correctly configured SA, it would have had most of them on the similar rules. In the PBL, keywords, DNS issues, Dynamic hosts. Spamassassin is expensive. Treat it like a Lawyer, only make it work if you have to :-)
