<div dir="ltr"><div>Stef<br>also turn off autolearning - found this not great for a population of more than a handful of users.<br><br></div><br></div><div class="gmail_extra"><br clear="all"><div>-- <br>Martin Hepworth, CISSP<br>
Oxford, UK</div>
<br><br><div class="gmail_quote">On 2 May 2014 11:13, Stef Morrell <span dir="ltr"><<a href="mailto:stef@aoc-uk.com" target="_blank">stef@aoc-uk.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello Kai,<br>
<div class=""><br>
On 02 May 2014 10:16 Kai Schaetzl wrote:<br>
> This is a common misunderstanding. SA via MS may not use the same config<br>
<br>
</div>Yes, I take on board the technical suggestions. I've basically been through all those checks. :)<br>
<br>
I am now starting to believe there is actually nothing wrong and that given I'm seeing apparent fails on blacklist rules is because the domains aren't blacklisted at the time the spam is generated.<br>
<br>
<a href="http://moms-flowersbouquet-nice.me" target="_blank">moms-flowersbouquet-nice.me</a> - registered end of 30/04/2014, spam arrived early 01/05/2014<br>
<a href="http://russianbrides-dating-great.me" target="_blank">russianbrides-dating-great.me</a> - registered 11 hours ago, spam arrived 3 hours ago.<br>
<br>
So the problem is likely not MS, it's how to detect and deal with spam from brand new domains/ip.<br>
<div class="HOEnZb"><div class="h5">--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
</div></div></blockquote></div><br></div>