Am 11.05.2015 um 15:42 schrieb Alex Regan:
I have a fp that was passed through thomsonreuters, hitting RCVD_IN_DNSWL_HI, receiving -5 points, from an obvious hacked account.http://pastebin.com/5LYS7s2v This is with v3.4.1, but an older bayes database, so perhaps it needs to be rebuilt. Even with BAYES_99, it still wouldn't have been tagged properly, however. I'm curious if there's anything further that could have been done to block this outside of a body rule matching this specific pattern? Is it also interesting that thomsonreuters.com has no SPF information?
complain at dnswl.org and in the meantime you can override in "local.cf" if it's really worth because normally the high-trusted dnswl.org response is not from spammers and likely the problem will be solved soon by delisting or fix the hacked account
score RCVD_IN_DNSWL_HI -2.0
signature.asc
Description: OpenPGP digital signature
