Re: URIBL_RHS_DOB high hits

Sat, 11 Oct 2014 15:30:07 -0700 


Am 12.10.2014 um 00:23 schrieb Reindl Harald:

Am 12.10.2014 um 00:18 schrieb Karsten Bräckelmann:

On Sat, 2014-10-11 at 23:40 +0200, Reindl Harald wrote:

it hits again and i doubt that sourceforge is a new domain
whatever the reason is - for me enough to disable it forever


Jumping to conclusions, aren't you?


yes - the conclusion is that it had way too much FP's recently


frankly it hitted even my own message you replied to
see at bottom


Oct 11 23:34:43 mail-gw spamd[28079]: spamd: result: . 0 -
BAYES_50,CUST_DNSWL_7,CUST_DNSWL_9,DKIM_ADSP_ALL,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD,URIBL_RHS_DOB,USER_IN_MORE_SPAM_TO

scantime=0.9,size=8902,user=sa-milt,uid=189,required_score=4.5,rhost=localhost,raddr=127.0.0.1,rport=39381,mid=<7655276d-92b5-4dbd-8041-6db5c4fb8...@tieman.se>,bayes=0.499983,autolearn=disabled

Oct 11 23:34:43 mail-gw postfix/qmgr[28308]: 3jFfYt4WVTz1l:
from=<netatalk-admins-boun...@lists.sourceforge.net>, size=8829, nrcpt=1
(queue active)


$ host sourceforge.net.dob.sibl.support-intelligence.net
Host sourceforge.net.dob.sibl.support-intelligence.net not found:
3(NXDOMAIN)

$ host tieman.se.dob.sibl.support-intelligence.net
tieman.se.dob.sibl.support-intelligence.net has address 127.0.0.2

$ whois tieman.se | grep 2014
created:          2014-01-11
modified:         2014-09-20


http://support-intelligence.com/dob/

how matchs the above "The dob list is a DNSRBL that contains domains
registered within the last five days"? the modified don't matter, the
domain exists over 9 months and the sender is a know, legit list member
of the netatalk list




Oct 11 23:40:33 mail-gw postfix/cleanup[1272]: 3jFfhc5zMfz1l: 
message-id=<5439a3b2.8040...@thelounge.net>
Oct 11 23:40:33 mail-gw spamd[28079]: spamd: processing message 
<5439a3b2.8040...@thelounge.net> for sa-milt:189
Oct 11 23:40:33 mail-gw spamd[28079]: spamd: result: . -4 - 
BAYES_00,CUST_DNSWL_7,CUST_DNSWL_9,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS,SPOOF_COM2OTH,T_RP_MATCHES_RCVD,URIBL_RHS_DOB,USER_IN_MORE_SPAM_TO 
scantime=0.5,size=5447,user=sa-milt,uid=189,required_score=4.5,rhost=localhost,raddr=127.0.0.1,rport=39407,mid=<5439a3b2.8040...@thelounge.net>,bayes=0.000000,autolearn=disabled


[root@mail-gw:~]$ cat maillog | grep 3jFfhc5zMfz1l

Oct 11 23:40:32 mail-gw postfix/smtpd[32281]: 3jFfhc5zMfz1l: 
client=hermes.apache.org[140.211.11.3]
Oct 11 23:40:33 mail-gw postfix/cleanup[1272]: 3jFfhc5zMfz1l: 
message-id=<5439a3b2.8040...@thelounge.net>
Oct 11 23:40:33 mail-gw postfix/qmgr[28308]: 3jFfhc5zMfz1l: 
from=<users-return-105700-h.reindl=thelounge....@spamassassin.apache.org>, 
size=5301, nrcpt=1 (queue active)
Oct 11 23:40:34 mail-gw postfix/smtp[28571]: 3jFfhc5zMfz1l: 
to=<h.rei...@thelounge.net>, relay=10.0.0.15[10.0.0.15]:10027, 
delay=1.4, delays=1.3/0/0.04/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: 
queued as 3jFfhf01wGz2W)

Oct 11 23:40:34 mail-gw postfix/qmgr[28308]: 3jFfhc5zMfz1l: removed






Attachment:
signature.asc

Description: OpenPGP digital signature


























					Reply via email to