One spammer is persistently slipping through....

Remco Barendse mailscanner at BARENDSE.TO
Mon Apr 26 12:36:45 IST 2004 

I got this in the header of another e-mail:
X-gw-MailScanner-SpamCheck: spam, SBL+XBL, spamhaus-XBL,
        SpamAssassin (score=32.458, required 6, CHARSET_FARAWAY 6.00,
        CHARSET_FARAWAY_HEADER 4.00, FORGED_HOTMAIL_RCVD 0.00,
        FORGED_MUA_OUTLOOK 1.58, MIME_CHARSET_FARAWAY 6.00,
        MSGID_FROM_MTA_SHORT 3.31, NORMAL_HTTP_TO_IP 0.21,
        NO_RDNS_DOTCOM_HELO 2.95, RCVD_IN_DSBL 1.10, RCVD_IN_NJABL 0.10,
        RCVD_IN_NJABL_PROXY 1.10, RCVD_IN_RFCI 0.10,
        UNWANTED_LANGUAGE_BODY 6.00)

spamhaus us mention at the top (twice) but there is no score shown
for it. Is this correct?



On Mon, 26 Apr 2004, Remco Barendse wrote:

> Thanks for the tip!
>
> Unfortunately this is not really an option for me, my ISP has batched SMTP
> running for the domain and rejecting it through a firewall rule will only
> cause the mail to get queued in bstmp.
>
> Maybe I can add it to my spam blacklist rule set, not sure of the correct
> format though. All examples seem to simply short the ip of the last
> digits, can I specify a /20 too?
>
> Thanks again!
> Remco
>
>
> On Mon, 26 Apr 2004, Raymond Dijkxhoorn wrote:
>
> > Hi!
> >
> > > Weird, I use every blocklist that comes with MailScanner, it wasn't picked
> > > up by any of them.
> >
> > Its for sure listed in the spamhaus DB.
> >
> > > Nullrouting sounds cool :)
> > >
> > > How can I nullroute a complete ip range?
> >
> > You can do that on different places... on your edge router, assuming its a
> > cisco:
> >
> > ip route 66.249.96.0 255.255.240.0 null0
> >
> > Or simply in iptables something like:
> >
> > -A ETH0-INPUT -s 66.249.96.0/20 -p tcp -i eth0 --dport 25 -j REJECT
> >
> > Like that.
> >
> > A nullroute on the network edge is most of the time easiest ...
> >
> > Bye,
> > Raymond.
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> > For further info about MailScanner, please see the Most Asked
> > Questions at    http://www.mailscanner.biz/maq/     and the archives
> > at    http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> For further info about MailScanner, please see the Most Asked
> Questions at    http://www.mailscanner.biz/maq/     and the archives
> at    http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
For further info about MailScanner, please see the Most Asked
Questions at    http://www.mailscanner.biz/maq/     and the archives
at    http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list