Thank you, David.

Sorry I should have known to give you a more verbose listing of the
headers, I put one at the end for the "voicemail" spam.

I'm using a friend's MTA, which is perhaps the source of the recent
change - I'll have to check what they are doing. All my mail goes to a
spool directory in my home on "ofb.net" and then I have a script which
transfers the files and puts them into a maildir on my laptop. That
way I don't have to have an internet connection to search through old
email, mailing lists, and so on.

It looks like I have a lot of reading to do (or my admins). I had
thought that running spamassasin locally after I download my emails
would be sufficient - even preferable, since locally there is the
"Bayesian" database.

Thanks again,

Frederick

    Return-Path: <voicemailand...@southcentralmachine.arcoxmail.com>
    X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on thutmose
    X-Spam-Level:
    X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_05,HTML_MESSAGE,
            RDNS_NONE,T_SPF_TEMPERROR autolearn=no autolearn_force=no 
version=3.4.1
    X-Original-To: frede...@ofb.net
    Delivered-To: frede...@ofb.net
    Received: from [171.247.127.4] (unknown [171.247.127.4])
            by ofb.net (Postfix) with ESMTP id 7BEB441DB1   
            for <frede...@ofb.net>; Thu, 15 Dec 2016 06:01:58 -0800 (PST)
    Date: Thu, 15 Dec 2016 06:02:07 -0700
    To: frede...@ofb.net
    From: SureVoIP <voicemailand...@southcentralmachine.arcoxmail.com>
    Subject: Voicemail from 08449381540 <08449381540> 00:03:15
    Message-ID: <27d1c28da751b7dd3a731e04d7a620d4@localhost.localdomain>
    X-Priority: 3
    X-Mailer: PHPMailer 5.2.2 
(http://code.google.com/a/apache-extras.org/p/phpmailer/)
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
            boundary="b1_27d1c28da751b7dd3a731e04d7a620d4"


On Thu, Dec 15, 2016 at 04:42:16PM +0000, David Jones wrote:
> >From: frede...@ofb.net <frede...@ofb.net>
> >Sent: Thursday, December 15, 2016 9:33 AM
> >To: users@spamassassin.apache.org
> >Subject: recent increase in spam getting through
>  
> >    X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_05,HTML_MESSAGE,
> >           RDNS_NONE,T_SPF_TEMPERROR autolearn=no autolearn_force=no 
> >version=3.4.1
> 
> >    Date: Thu, 15 Dec 2016 02:09:18 -0700
> >    From: %GIRL_NAME Lyon <lyon_%girl_n...@feuz.com>
> >    To: frede...@ofb.net
> >    Subject: Re: Healthy soul in healthy body. Order Celexa now.
> >    X-Spam-Status: No, score=3.3 required=5.0 tests=BAYES_50,BODY_URI_ONLY,
> >            HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
> >            MIME_HTML_ONLY,RDNS_NONE,T_SPF_HELO_TEMPERROR,T_SPF_TEMPERROR 
> >autolearn=no
> >            autolearn_force=no version=3.4.1
> 
> Need to see the received headers to check RBLs.  Make sure you are doing
> RBL checks at the MTA.  If you are using Postfix, then enable Postscreen and 
> use it's
> postscreen_dnsbl_sites for weighting reliable RBLs high and unreliable RBLs 
> low.  There
> is a long thread on this in the archives.
> 
> http://marc.info/?l=spamassassin-users&m=146590518212907&w=2
> 
> Start with a short list like zen.spamhaus.org and mailspike then add new ones
> slowly over time until the email that hits SpamAssassin is mostly clean.  RBLs
> block 95% of the spam at the MTA level so my SpamAssassin only has to block
> a very small percentage of spam based on content (Subject, body, AV, etc.) 
> and Bayes.
> 
> I offset some of the RBLs with postwhite for major mail providers that are 
> often
> listed on RBLs but can't be blocked due to their size like comcast.net.  In 
> this
> case, I have to let them on to SpamAssassin for scoring.  As long as they 
> update
> their SPF record, then these will be let through but spoofers could be 
> blocked by
> RBLs:
> 
> https://github.com/stevejenkins/postwhite
> 
> Remember that it is very important to use you own recursive DNS server and not
> point to other DNS servers that will combine your DNS queries with others 
> which
> can be over the free usages limits set by the RBLs and cause URIBL_BLOCKED 
> hits.
> 
> http://marc.info/?l=spamassassin-users&m=147498536120314&w=2
> 
> Hope this helps,
> Dave

Reply via email to