Obvious spam getting through

Peter Lemieux mailscanner at replies.cyways.com
Fri Dec 16 15:08:38 UTC 2016


I didn't even know there was a "blacklist_from" directive in SpamAssassin. 
In fact, there are quite a variety of such controls.  I noticed that while 
there is a whitelist_from_rcvd which looks at Received headers, there is no 
corresponding blacklist_from_rcvd.  I wonder if that means blacklist_from 
includes both Received and From headers?

Details here: 
https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options

I generally use the whitelisting and blacklisting rulesets in MailScanner 
itself for these tasks.  Maybe someone here can remind us whether a 
blacklisted From in those rulesets applies to the Received headers, or to 
the Return-Path, as well as the From address itself.  See the "Is Definitely 
Spam" directive in MailScanner.conf.

Peter


On 12/16/2016 09:37 AM, Tracy Greggs wrote:
> I create a file called x-blacklisted-tlds.cf and put it in the same folder
> as your local.cf, on CentOS in /etc/mail/spamassassin/.  When spamassassin
> fires it looks at all cf files there in alphabetical order, so in my case
> the x-blacklisted-tlds.cf is read last on purpose.
>
> The contents look like this:
>
> blacklist_from *@*.top
> blacklist_from *@*.xzy
>
> etc.etc.etc.
>
> Since I use the latest version of MailWatch also, this allows me to
> whitelist any that are legit although like Peter says, I haven't had a
> single complaint either.  In MW, these will be color coded black just like
> they would if you had them in the MW SQL blacklist unless you whitelist the
> sender with MW which overrides the SA blacklist_from in your cf file.
>
> Regards,
> Tracy Greggs
>
> -----Original Message-----
> From: MailScanner
> [mailto:mailscanner-bounces+mailscanner-list=okla.com at lists.mailscanner.info
> ] On Behalf Of Peter H. Lemieux
> Sent: Wednesday, December 14, 2016 4:42 PM
> To: MailScanner Discussion
> Subject: Re: Obvious spam getting through
>
> If you don't want to reject them outright, bump up their scores in
> SpamAssassin with a rule like
>
> header TOP_DOMAIN         Return-Path =~ /\.top/
> score TOP_DOMAIN          3
>
> Peter
>
>
> On 12/14/2016 05:26 PM, Sterling Chavis wrote:
>> Thank you. The ones that are getting through are all .top domains as
>> far as I can see. I'll use this method and see how it goes.
>>
>>
>> On 12/14/2016 12:10 PM, Peter Lemieux wrote:
>>> I deal with these by refusing mail for most of the new top-level
>>> domains like .top.  I've never seen any legitimate mail from any of
>>> those, nor have I received any complaints about missing messages.  My
>>> current blacklist includes:
>>>
>>> click
>>> date
>>> faith
>>> party
>>> link
>>> xyz
>>> download
>>> top
>>> space
>>> win
>>> stream
>>> gdn
>>> website
>>> bid
>>> loan
>>> review
>>> science
>>>
>>> I handle this screening via the access database in sendmail, not
>>> through MailScanner.
>>>
>>> Peter
>>>
>>>
>>> On 12/14/2016 02:03 PM, Sterling Chavis wrote:
>>>> The other day I started to get slammed with spam. SpamAssassin was
>>>> doing a very good job before that, and is still catching many.
>>>> Could they be spoofing the X-Mailscanner headers to bypass my
>>>> mailscan rules? Here is an example of the ones that are getting
>>>> through:
>>>>
>>>> Return-Path:
>>>> <chronic.constipation.remedy at pessimist.rightcontipationscare.top>
>>>
>>>
>>
>>
>>
>
>
>
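
Added example, not part of the original thread and not SpamAssassin or MailScanner code: a Python sketch of how file-glob blacklist_from patterns such as *@*.top (only * and ? are wildcards, whole address must match) apply to the sender addresses of a message, using the TLD list quoted above. Assumptions: the function names are hypothetical, inspecting only Return-Path and From is a choice made for this example, the spam Return-Path is the one quoted in the thread with "at" restored to "@", and the other addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# TLDs from the blacklist quoted in this thread.
TLDS = ["click", "date", "faith", "party", "link", "xyz", "download", "top",
        "space", "win", "stream", "gdn", "website", "bid", "loan", "review",
        "science"]

# Assumption of this example: only these two headers are inspected.
SENDER_HEADERS = ("Return-Path", "From")


def glob_to_regex(glob):
    """Compile a blacklist_from-style glob: only * and ? are wildcards,
    the match is anchored at both ends and ignores case."""
    parts = [".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
             for ch in glob]
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE | re.DOTALL)


def cf_lines(tlds):
    """Render one blacklist_from line per TLD, as they would sit in a .cf file."""
    return ["blacklist_from *@*.%s" % t for t in tlds]


def blacklist_hits(raw_message, tlds=TLDS):
    """Return (header, address, glob) for every sender address that matches."""
    msg = message_from_string(raw_message)
    globs = [line.split(None, 1)[1] for line in cf_lines(tlds)]
    hits = []
    for header in SENDER_HEADERS:
        for _, addr in getaddresses(msg.get_all(header, [])):
            hits += [(header, addr, g) for g in globs
                     if addr and glob_to_regex(g).match(addr)]
    return hits


# Sample messages; every address except the spam Return-Path is constructed.
SPAM = ("Return-Path: <chronic.constipation.remedy@"
        "pessimist.rightcontipationscare.top>\n"
        "From: \"Remedy\" <offers@news.example>\nSubject: hi\n\nbody\n")
HAM = ("Return-Path: <news@lists.topology.example>\n"
       "From: News <news@topology.example>\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM)):
        print(name, blacklist_hits(raw))
```

The constructed ham sender at topology.example is not hit because the glob is anchored to the end of the address, so ".top" has to be the final label.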

