On 12.03.2015 at 21:23, @lbutlr wrote:
On Mar 12, 2015, at 2:07 PM, @lbutlr <krem...@kreme.com> wrote:
But it was NOT a junk mail from yahoo, it was a message from my brother’s yahoo 
account that said only “Kill it”.
>
Just in case I am misinterpreting something here….

Mar 11 22:28:33 mail postfix/smtpd[79324]: connect from 
nm20-vm5.bullet.mail.ne1.yahoo.com[98.138.91.242]
Mar 11 22:28:33 mail postfix/smtpd[79324]: Anonymous TLS connection established 
from nm20-vm5.bullet.mail.ne1.yahoo.com[98.138.91.242]: TLSv1 with cipher 
ECDHE-RSA-RC4-SHA (128/128 bits)
Mar 11 22:28:34 mail policyd-spf[79325]: None; identity=helo; 
client-ip=98.138.91.242; helo=nm20-vm5.bullet.mail.ne1.yahoo.com; 
envelope-from=*brother*@yahoo.com; receiver=kr...@kreme.com
Mar 11 22:28:34 mail policyd-spf[79325]: Pass; identity=mailfrom; 
client-ip=98.138.91.242; helo=nm20-vm5.bullet.mail.ne1.yahoo.com; 
envelope-from=*brother*@yahoo.com; receiver=kr...@kreme.com
Mar 11 22:28:34 mail postfix/smtpd[79324]: 3l2cbk5MbNzJMhn: 
client=nm20-vm5.bullet.mail.ne1.yahoo.com[98.138.91.242]
Mar 11 22:28:34 mail postfix/cleanup[79271]: 3l2cbk5MbNzJMhn: 
message-id=<2c89470b-6522-413d-813b-a7e6f242c...@yahoo.com>
Mar 11 22:28:34 mail spamd[70438]: spamd: connection from localhost [::1]:39788 
to port 783, fd 6
Mar 11 22:28:34 mail spamd[70438]: spamd: handle_user (userdir) unable to find 
user: 'kr...@kreme.com'
Mar 11 22:28:34 mail spamd[70438]: spamd: processing message 
<2c89470b-6522-413d-813b-a7e6f242c...@yahoo.com> for kr...@kreme.com:58
Mar 11 22:28:38 mail spamd[70438]: spamd: identified spam (10.6/5.0) for 
kr...@kreme.com:58 in 3.5 seconds, 8168 bytes.
Mar 11 22:28:38 mail spamd[70438]: spamd: result: Y 10 - 
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FORGED_YAHOO_RCVD,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RDNS_NONE,SPF_PASS,UNPARSEABLE_RELAY,URIBL_BLACK,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_RHS_DOB,URIBL_SBL_A,URIBL_SC_SURBL,URIBL_WS_SURBL
 
scantime=3.5,size=8168,user=kr...@kreme.com,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=39788,mid=<2c89470b-6522-413d-813b-a7e6f242c...@yahoo.com>,autolearn=disabled
Mar 11 22:28:38 mail postfix/cleanup[79271]: 3l2cbk5MbNzJMhn: milter-reject: END-OF-MESSAGE from 
nm20-vm5.bullet.mail.ne1.yahoo.com[98.138.91.242]: 5.7.1 Blocked by SpamAssassin; 
from=<*brother*@yahoo.com> to=<kr...@kreme.com> proto=ESMTP 
helo=<nm20-vm5.bullet.mail.ne1.yahoo.com>
Mar 11 22:28:38 mail spamd[16674]: prefork: child states: II
Mar 11 22:28:38 mail postfix/smtpd[79324]: disconnect from 
nm20-vm5.bullet.mail.ne1.yahoo.com[98.138.91.242]

there are URLs - no matter where they are coming from
any message with *that* amount of URIBL hits has to be rejected
URIBL_BLACK,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_RHS_DOB,URIBL_SBL_A,URIBL_SC_SURBL,URIBL_WS_SURBL

FORGED_YAHOO_RCVD: that is suspect - sure that your internal networks and trusted networks are configured correctly?

FREEMAIL_ENVFROM_END_DIGIT: typical spammy "anything678@freemaildomain"


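As an added example (not part of the thread and not SpamAssassin's own code), the Python below parses the spamd `result:` line quoted above and separates the URIBL listings from the relay-related rules the reply questions. The sample line is rejoined from the wrapped log in the thread; treating FORGED_YAHOO_RCVD, UNPARSEABLE_RELAY and RDNS_NONE alongside SPF_PASS and DKIM_VALID_AU as a cue to review `trusted_networks` / `internal_networks` is an assumption of this example.

```python
import re

# Constructed sample: spamd result line from the thread, rejoined.
SAMPLE = (
    "Mar 11 22:28:38 mail spamd[70438]: spamd: result: Y 10 - "
    "DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FORGED_YAHOO_RCVD,"
    "FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RDNS_NONE,"
    "SPF_PASS,UNPARSEABLE_RELAY,URIBL_BLACK,URIBL_DBL_SPAM,URIBL_JP_SURBL,"
    "URIBL_RHS_DOB,URIBL_SBL_A,URIBL_SC_SURBL,URIBL_WS_SURBL "
    "scantime=3.5,size=8168,user=kr...@kreme.com,uid=58,required_score=5.0,"
    "rhost=localhost,raddr=::1,rport=39788,"
    "mid=<2c89470b-6522-413d-813b-a7e6f242c...@yahoo.com>,autolearn=disabled"
)

RESULT_RE = re.compile(
    r"spamd: result: (?P<verdict>[Y.])\s+(?P<score>-?\d+) - "
    r"(?P<tests>[\w,]*)\s*(?P<kv>scantime=\S+)"
)

# Assumption: rules that depend on relay parsing (trusted/internal_networks).
RELAY_HINTS = {"FORGED_YAHOO_RCVD", "UNPARSEABLE_RELAY", "RDNS_NONE"}
AUTH_OK = {"SPF_PASS", "DKIM_VALID_AU"}


def parse_result(line):
    """Return verdict, score, rule names and key=value fields, or None."""
    m = RESULT_RE.search(line)
    if not m:
        return None
    fields = dict(p.partition("=")[::2] for p in m["kv"].split(","))
    tests = [t for t in m["tests"].split(",") if t]
    return {"spam": m["verdict"] == "Y", "score": int(m["score"]),
            "tests": tests, "fields": fields}


def triage(result):
    """Split the hits into URIBL listings and relay-parsing doubts."""
    tests = set(result["tests"])
    relay = sorted(tests & RELAY_HINTS)
    return {
        "uribl_hits": sorted(t for t in tests if t.startswith("URIBL_")),
        "relay_hints": relay,
        # Authenticated sender plus relay-rule hits: review network settings.
        "check_network_config": AUTH_OK <= tests and bool(relay),
    }


if __name__ == "__main__":
    print(triage(parse_result(SAMPLE)))
```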