One spammer is persistently slipping through....

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Mon Apr 26 13:14:04 IST 2004


Remco

that's because you are doing the spamhaus checking in MailScanner, not
Spamassassin - therefore no spamassassin score...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Remco Barendse wrote:
> I got this in the header of another e-mail:
> X-gw-MailScanner-SpamCheck: spam, SBL+XBL, spamhaus-XBL,
>         SpamAssassin (score=32.458, required 6, CHARSET_FARAWAY 6.00,
>         CHARSET_FARAWAY_HEADER 4.00, FORGED_HOTMAIL_RCVD 0.00,
>         FORGED_MUA_OUTLOOK 1.58, MIME_CHARSET_FARAWAY 6.00,
>         MSGID_FROM_MTA_SHORT 3.31, NORMAL_HTTP_TO_IP 0.21,
>         NO_RDNS_DOTCOM_HELO 2.95, RCVD_IN_DSBL 1.10, RCVD_IN_NJABL 0.10,
>         RCVD_IN_NJABL_PROXY 1.10, RCVD_IN_RFCI 0.10,
>         UNWANTED_LANGUAGE_BODY 6.00)
>
> spamhaus us mention at the top (twice) but there is no score shown
> for it. Is this correct?
>
>
>
> On Mon, 26 Apr 2004, Remco Barendse wrote:
>
>
>>Thanks for the tip!
>>
>>Unfortunately this is not really an option for me, my ISP has batched SMTP
>>running for the domain and rejecting it through a firewall rule will only
>>cause the mail to get queued in bstmp.
>>
>>Maybe I can add it to my spam blacklist rule set, not sure of the correct
>>format though. All examples seem to simply short the ip of the last
>>digits, can I specify a /20 too?
>>
>>Thanks again!
>>Remco
>>
>>
>>On Mon, 26 Apr 2004, Raymond Dijkxhoorn wrote:
>>
>>
>>>Hi!
>>>
>>>
>>>>Weird, I use every blocklist that comes with MailScanner, it wasn't picked
>>>>up by any of them.
>>>
>>>Its for sure listed in the spamhaus DB.
>>>
>>>
>>>>Nullrouting sounds cool :)
>>>>
>>>>How can I nullroute a complete ip range?
>>>
>>>You can do that on different places... on your edge router, assuming its a
>>>cisco:
>>>
>>>ip route 66.249.96.0 255.255.240.0 null0
>>>
>>>Or simply in iptables something like:
>>>
>>>-A ETH0-INPUT -s 66.249.96.0/20 -p tcp -i eth0 --dport 25 -j REJECT
>>>
>>>Like that.
>>>
>>>A nullroute on the network edge is most of the time easiest ...
>>>
>>>Bye,
>>>Raymond.
>>>
>>>-------------------------- MailScanner list ----------------------
>>>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>>>For further info about MailScanner, please see the Most Asked
>>>Questions at    http://www.mailscanner.biz/maq/     and the archives
>>>at    http://www.jiscmail.ac.uk/lists/mailscanner.html
>>>
>>
>>-------------------------- MailScanner list ----------------------
>>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>>For further info about MailScanner, please see the Most Asked
>>Questions at    http://www.mailscanner.biz/maq/     and the archives
>>at    http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
>
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> For further info about MailScanner, please see the Most Asked
> Questions at    http://www.mailscanner.biz/maq/     and the archives
> at    http://www.jiscmail.ac.uk/lists/mailscanner.html

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
For further info about MailScanner, please see the Most Asked
Questions at    http://www.mailscanner.biz/maq/     and the archives
at    http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list