On Wed, Nov 29, 2006 at 05:58:19PM -0300, Andres wrote: > I know that this is more a spamassassin-related question but I found > here smart guys who also work with it, and maybe experienced this, > > I added this to local.cf at /etc/spamassassin > > whitelist_from_rcvd [EMAIL PROTECTED] domain.com > > (domain.com is my domain) > > and: > > trusted_networks 127.0.0.1 200.x.x.x > > (the last IP is the MX external server IP) > > But I keep getting high scores and the email is sent to quarantine, > this is header information for a particular e-mail from my domain: > > X-Spam-Status: Yes, score=7.768 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-1.496, > BAYES_00=-2.599, HTML_MESSAGE=0.001, HTML_TITLE_EMPTY=0.214, > MIME_BASE64_NO_NAME=0.224, MIME_HTML_ONLY=0.001, RCVD_IN_DSBL=2.6, > RCVD_IN_NJABL_PROXY=0.721, RCVD_IN_SORBS_DUL=2.046, > RCVD_IN_SORBS_SOCKS=2.159, RCVD_IN_XBL=3.897] > X-Spam-Score: 7.768 > X-Spam-Level: ******* > X-Spam-Flag: YES
If these scores are correct, and you did indeed receive it from an employee machine on your network, your employee has a really-truly badly compromised machine on your network which is being actively used to send spam. RCVD_IN_DSBL and RCVD_IN_NJABL_PROXY both indicate specifically that the machine your mailserver received it from has a trojan or an abused proxy server; the NJABL listing has also caused it to be listed in the SpamHaus XBL combined zone. (The SORBS_SOCKS implies it's a SOCKS proxy, but SORBS is less reliable. In combination with the other listings, though, it's probably correct.) Find the machine this is coming from, get it fixed, and then request it to be de-listed with the various blacklists: DSBL, NJABL, and SORBS. -- Clifton -- Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED] President - I and I Computing * http://www.iandicomputing.com/ Custom programming, network design, systems and network consulting services ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/