Ted Cooper wrote: > !!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public > mirrors !!!!!!!!!!!! (tahini .. the cam.ac.uk network .. or part thereof) > > W B Hacker wrote: >> Side issue - NOW we have a mystery - not sure if it is related - >> *attempting* to copy you directly. >> > Quite interesting. My server added the higher than average negative spam > score on my outbound (I think) so it looks like I'm leaking there ;) But > since it's less than 5, I'm not adding anything but that single header. > I received both of these emails and it looks like I didn't have anything > to do with the rejection of the bounced mail. Mailing list went nuts? >> My goal was to add spam demerits for that 'race' of MTA (above) >> >> CAVEAT: in my environment, and perhaps no other, it has always and >> only been used to send very obvious UCE or phish. >> > I've seen PowerMTA in a lot of spam that's trying to pass off as ok, but > it's also used by a few people in the travel industry so I can't be very > abusive towards. >> But .. on the way to the theatre, both my original post and your reply >> post were whacked with outrageous SA scores and shunted off to a >> quarantine folder. >> >> Headers appear to show THREE passes thru SA at various points, scores >> ranging from a high positive to a higher-then-average negative, and a >> third score in the middle. >> >> Given the rather innocent message content, it looks as if at least one >> of us is already filtering on that very string - the one naming the MTA. >> >> I don't see any other content that is out of the ordinary. >> >> Relevant headers from my post and your reply below. >> >> > On my post, I'm guessing mxa.outb is adding the -4.1, tahini is adding > the 1.4 and you're adding the 4.0. The first header is my MUA not an MTA > even though my rDNS is setup for a mail server. I got that setup and > then never moved my outbound host ;) > > The weird this is the URIBL and URIBL_PH_SURBL hits ... what did I send > again?? > > X-Spam-Status: No, score=1.4 required=5.0 tests=AWL=-3.000, BAYES_00=-1.5, > FORGED_RCVD_HELO=0.135, URIBL_BLACK=3, > URIBL_PH_SURBL=2.8 autolearn=no version=3.1.8 > > > !!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public > mirrors !!!!!!!!!!!! > > I'm guessing that might explain the whack scores. > >
Ted, Thanks - that also explains something I had not taken the time to look at - evidenced in several of my replies to posts showing up with 'Suspect:' stuffed into the subject line - added by my filters on the OP trip from tahini to me. As we would expect, tahini is one of the most expertly and 'pragmaticaly' configured servers about - very good balance of filtering. But from time to time I have had give it special handling - one of the very few I do not arbitrarily strip ALL X-headers from for example, as doing so messes up threading. Wonder if this URIBL issue is affecting anyone else? Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
