On Wed, Nov 29, 2006 at 05:58:19PM -0300, Andres wrote:
> I know that this is more a spamassassin-related question but I found
> here smart guys who also work with it, and maybe experienced this,
>
> I added this to local.cf at /etc/spamassassin
>
> whitelist_from_rcvd [EMAIL PROTECTED] domain.com
>
> (domain.com is my domain)
>
> and:
>
> trusted_networks 127.0.0.1 200.x.x.x
>
> (the last IP is the MX external server IP)
>
> But I keep getting high scores and the email is sent to quarantine,
> this is header information for a particular e-mail from my domain:
>
> X-Spam-Status: Yes, score=7.768 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-1.496,
> BAYES_00=-2.599, HTML_MESSAGE=0.001, HTML_TITLE_EMPTY=0.214,
> MIME_BASE64_NO_NAME=0.224, MIME_HTML_ONLY=0.001, RCVD_IN_DSBL=2.6,
> RCVD_IN_NJABL_PROXY=0.721, RCVD_IN_SORBS_DUL=2.046,
> RCVD_IN_SORBS_SOCKS=2.159, RCVD_IN_XBL=3.897]
> X-Spam-Score: 7.768
> X-Spam-Level: *******
> X-Spam-Flag: YES
If these scores are correct, and you did indeed receive it from an
employee machine on your network, your employee has a really-truly
badly compromised machine on your network which is being actively used
to send spam.
RCVD_IN_DSBL and RCVD_IN_NJABL_PROXY both indicate specifically that
the machine your mailserver received it from has a trojan or an abused
proxy server; the NJABL listing has also caused it to be listed in the
SpamHaus XBL combined zone. (The SORBS_SOCKS implies it's a SOCKS
proxy, but SORBS is less reliable. In combination with the other
listings, though, it's probably correct.) Find the machine this is
coming from, get it fixed, and then request it to be de-listed with the
various blacklists: DSBL, NJABL, and SORBS.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
