RE: mail slipping through

Thu, 20 Aug 2009 06:36:18 -0700 

On Wed, 19 Aug 2009, Gary Smith wrote:
Aug 19 14:53:10 hsoakmsa03l02 spamd[28319]: spamd: result: Y 5 - BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE,SPF_HELO_SOFTFAIL,URIBL_BLACK,URIBL_RHS_DOB scantime=0.1,size=4525,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=58357,mid=<503bb52.5...@biblegame.info>,bayes=0.499430,autolearn=no 

Here are some more from the same set/type of senders.


Aug 19 14:39:46 hsoakmsa03l02 spamd[28319]: spamd: result: Y 2 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_RHS_DOB 
scantime=0.2,size=4584,user=filter,uid=124, 
required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=37185,mid=<1359ae2.5...@parishstore.info>,bayes=0.490932,autolearn=no



Aug 19 14:45:18 hsoakmsa03l02 spamd[28319]: spamd: result: Y 4 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.2,size=4516,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=33643,mid=<509800d.5...@biblegame.info>,bayes=0.498825,autolearn=no



Aug 19 14:46:52 hsoakmsa03l02 spamd[28319]: spamd: result: Y 5 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE,SPF_HELO_SOFTFAIL,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.1,size=4511,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=33664,mid=<2b19fe.5...@apostlesblog.info>,bayes=0.499484,autolearn=no



Aug 19 14:48:58 hsoakmsa03l02 spamd[29369]: spamd: result: Y 4 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK,URIBL_RHS_DOB 
scantime=4.0,size=4610,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=54478,mid=<1359ae2.5...@parishstore.info>,bayes=0.490647,autolearn=no



Aug 19 14:50:54 hsoakmsa03l02 spamd[28319]: spamd: result: Y 4 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.1,size=4554,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=54515,mid=<5b96444.5...@parishstore.info>,bayes=0.446187,autolearn=no



Aug 19 14:53:10 hsoakmsa03l02 spamd[28319]: spamd: result: Y 5 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE,SPF_HELO_SOFTFAIL,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.1,size=4525,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=58357,mid=<503bb52.5...@biblegame.info>,bayes=0.499430,autolearn=no



Aug 19 14:53:11 hsoakmsa03l02 spamd[28319]: spamd: result: Y 5 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE,SPF_HELO_SOFTFAIL,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.1,size=5905,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=58363,mid=<503bb52.5...@biblegame.info>,bayes=0.496882,autolearn=no



Aug 19 14:53:43 hsoakmsa03l02 spamd[28319]: spamd: result: Y 4 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.1,size=4579,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=58369,mid=<5b96444.5...@parishstore.info>,bayes=0.446202,autolearn=no



Aug 19 14:55:38 hsoakmsa03l02 spamd[28319]: spamd: result: Y 5 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE,SPF_HELO_SOFTFAIL,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.2,size=4508,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=58422,mid=<2b19fe.5...@biblegame.info>,bayes=0.499487,autolearn=no



Aug 19 14:56:17 hsoakmsa03l02 spamd[28319]: spamd: result: Y 5 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE,SPF_HELO_SOFTFAIL,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.2,size=4545,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=58442,mid=<1a25f92.5...@biblegame.info>,bayes=0.498743,autolearn=no



Aug 19 14:58:42 hsoakmsa03l02 spamd[28319]: spamd: result: Y 4 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.2,size=4594,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=52316,mid=<1a25f92.5...@parishstore.info>,bayes=0.487605,autolearn=no



Aug 19 15:03:11 hsoakmsa03l02 spamd[28319]: spamd: result: Y 4 - 
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK,URIBL_RHS_DOB 
scantime=0.2,size=4543,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=53097,mid=<509800d.5...@biblegame.info>,bayes=0.498828,autolearn=no



All BAYES_50? Silly question, but are you sure you're properly training? 
Running sa-learn as the right user, and all that?



All but one have subsecond scan times. Did you score an old Cray or 
something? :) That might indicate a problem, not sure.


So you have any SMTP-time DNSBL checks in place on the public MTA?

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  W-w-w-w-w-where did he learn to n-n-negotiate like that?
-----------------------------------------------------------------------
 5 days until the 1930th anniversary of the destruction of Pompeii






















					Reply via email to