How are RCVD_IN_* rules implemented Karsten? I have similar spam being sent from such addresses as bidwars.uy...@trgide.soldiersupplywell.net and I dont see that rule in the matching rules
Running mailwatch for mailscanner with spamassassin Thanks peter -----Original Message----- From: Karsten Bräckelmann [mailto:guent...@rudersport.de] Sent: Wednesday, 13 October 2010 10:05 a.m. To: users@spamassassin.apache.org Subject: Re: Constant .info domain spam On Tue, 2010-10-12 at 10:32 -1000, Julian Yap wrote: > NOTE: I changed the domains below to 'dot info' as the mailing list > rejected my initial submission. > > I'm pretty sure it's not just me but there is some constant spamming > from dot info domains. Perhaps for the past 2 months or so. > > Often they send hundreds per day and consistently from the same IP's. > > Are people using automated IP blacklists or something like that? Yes. SA even uses them by default. What do your SA rules triggered look like? Check your identified spam. Do you see RCVD_IN_* rules? If not, you are having DNS problems, or deliberately disabled those network checks. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
