sent reply directly, sotrry - here's for the list
On 10/22/2013 10:33 PM, Quanah Gibson-Mount wrote:
I don't get the concern about VMW. The vmw hosts are *my* MTAs and in
mynetworks.
mail.zimbra.com -> load balanced name for edge01-zcs.vmware.com,
edge02-zcs.vmware.com
The SPAM did not originate with my servers... It originated elsewhere.
This is rather clear:
Received: from c115-smtp.pumpery.com (c115-smtp.pumpery.com [5.135.12.243])
by edge02-zcs.vmware.com (Postfix) with ESMTP id 76999784
for <>; Tue, 22 Oct 2013 11:27:05 -0700 (PDT)
pumpery.com is the originator of this spam. I've blacklisted the from
in the meantime.
If pumpery.com was in the msg's body, the URIBL plugin should have
detected them
yet another snowshoer on OVH (5.135.12.128/25)
I hope, for your health, that you're going to blacklist every from in a
missed spam
pumpery.com listed on black.uribl.com
pumpery.com listed on jp.surbl.org
pumpery.com listed on sc.surbl.org
pumpery.com listed on dbl.spamhaus.org
You've missed the point.
mynetworks is not SA - it's Postfix and SA knows nothing about this
config option.
as you have SA configured, RBL lookups are done against the vmware IPs
and I doubt those will be blacklisted, anywhere.
If you add 208.91.0.0/22 to your SA trusted_networks (in local.cf)
SA will not lookup up those IPs but the ones before,
"http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.txt";
NETWORK TEST OPTIONS
trusted_networks
internal_networks
This will increase detection accuracy
h2h
