One spammer is persistently slipping through....

Remco Barendse mailscanner at BARENDSE.TO
Mon Apr 26 13:52:06 IST 2004


Heh :) Have been using MailScanner and SpamAss for ages and never realized
this.

How can I make SA use spamhaus instead of MailScanner? Spamhaus is in my
spam.lists.conf but guess this isn't the right place to put it?

How do you add blacklists to SA?


On Mon, 26 Apr 2004, Martin Hepworth wrote:

> Remco
>
> that's because you are doing the spamhaus checking in MailScanner, not
> Spamassassin - therefore no spamassassin score...
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Remco Barendse wrote:
> > I got this in the header of another e-mail:
> > X-gw-MailScanner-SpamCheck: spam, SBL+XBL, spamhaus-XBL,
> >         SpamAssassin (score=32.458, required 6, CHARSET_FARAWAY 6.00,
> >         CHARSET_FARAWAY_HEADER 4.00, FORGED_HOTMAIL_RCVD 0.00,
> >         FORGED_MUA_OUTLOOK 1.58, MIME_CHARSET_FARAWAY 6.00,
> >         MSGID_FROM_MTA_SHORT 3.31, NORMAL_HTTP_TO_IP 0.21,
> >         NO_RDNS_DOTCOM_HELO 2.95, RCVD_IN_DSBL 1.10, RCVD_IN_NJABL 0.10,
> >         RCVD_IN_NJABL_PROXY 1.10, RCVD_IN_RFCI 0.10,
> >         UNWANTED_LANGUAGE_BODY 6.00)
> >
> > spamhaus us mention at the top (twice) but there is no score shown
> > for it. Is this correct?
> >
> >
> >
> > On Mon, 26 Apr 2004, Remco Barendse wrote:
> >
> >
> >>Thanks for the tip!
> >>
> >>Unfortunately this is not really an option for me, my ISP has batched SMTP
> >>running for the domain and rejecting it through a firewall rule will only
> >>cause the mail to get queued in bstmp.
> >>
> >>Maybe I can add it to my spam blacklist rule set, not sure of the correct
> >>format though. All examples seem to simply short the ip of the last
> >>digits, can I specify a /20 too?
> >>
> >>Thanks again!
> >>Remco
> >>
> >>
> >>On Mon, 26 Apr 2004, Raymond Dijkxhoorn wrote:
> >>
> >>
> >>>Hi!
> >>>
> >>>
> >>>>Weird, I use every blocklist that comes with MailScanner, it wasn't picked
> >>>>up by any of them.
> >>>
> >>>Its for sure listed in the spamhaus DB.
> >>>
> >>>
> >>>>Nullrouting sounds cool :)
> >>>>
> >>>>How can I nullroute a complete ip range?
> >>>
> >>>You can do that on different places... on your edge router, assuming its a
> >>>cisco:
> >>>
> >>>ip route 66.249.96.0 255.255.240.0 null0
> >>>
> >>>Or simply in iptables something like:
> >>>
> >>>-A ETH0-INPUT -s 66.249.96.0/20 -p tcp -i eth0 --dport 25 -j REJECT
> >>>
> >>>Like that.
> >>>
> >>>A nullroute on the network edge is most of the time easiest ...
> >>>
> >>>Bye,
> >>>Raymond.
> >>>
> >>>-------------------------- MailScanner list ----------------------
> >>>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> >>>For further info about MailScanner, please see the Most Asked
> >>>Questions at    http://www.mailscanner.biz/maq/     and the archives
> >>>at    http://www.jiscmail.ac.uk/lists/mailscanner.html
> >>>
> >>
> >>-------------------------- MailScanner list ----------------------
> >>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> >>For further info about MailScanner, please see the Most Asked
> >>Questions at    http://www.mailscanner.biz/maq/     and the archives
> >>at    http://www.jiscmail.ac.uk/lists/mailscanner.html
> >>
> >
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> > For further info about MailScanner, please see the Most Asked
> > Questions at    http://www.mailscanner.biz/maq/     and the archives
> > at    http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> For further info about MailScanner, please see the Most Asked
> Questions at    http://www.mailscanner.biz/maq/     and the archives
> at    http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
For further info about MailScanner, please see the Most Asked
Questions at    http://www.mailscanner.biz/maq/     and the archives
at    http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list