On 01/21/2015 11:47 PM, David Mehler wrote: > Hello, > > I'm running SA 3.4 and am getting several messages like both of these, > headers below, that are getting through. I've run sa-learn on my Spam > folder to train Sa, but still they're getting through. There are two > separate sets of full headers x-d out to avoid giving server > information, but revealing the spam stuff. If anyone has any > suggestions on how to tighten this I'd like to know. > ... > X-Spam-Status: > No, score=-0.009 tagged_above=-999 required=1.2 > tests=[T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham > autolearn_force=no
Both of your tests show URIBL_BLOCKED. It appears you are not able to contact a particular DNSBL server (because you're blocked). Unless you run a large email system and send a lot of requests to the server, you are most likely blocked due to using a common nameserver (such as your ISPs nameserver). You may wish to run your own caching nameserver to avoid this problem (if this is why you're blocked). > Received: > from work11.suddenaffair.rocks (work11.suddenaffair.rocks > [104.140.56.120]) by mail.xxx.com (Postfix) with ESMTP id 509715E252 > for <x...@xxx.com>; Thu, 22 Jan 2015 00:09:33 -0500 (EST) > I just checked this IP address (104.140.56.120) and it's listed in at least 7 blocklists. You'll need to find out why you're "blocked". Once you can contact the DNSBL server(s), you should be able to catch spam like these two. -Thom
