Ted Cooper wrote: > !!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public > mirrors !!!!!!!!!!!! (tahini .. the cam.ac.uk network .. or part thereof) > > W B Hacker wrote: >> Side issue - NOW we have a mystery - not sure if it is related - >> *attempting* to >> copy you directly. >> > Quite interesting. My server added the higher than average negative spam > score on my outbound (I think) so it looks like I'm leaking there ;) But > since it's less than 5, I'm not adding anything but that single header. > I received both of these emails and it looks like I didn't have anything > to do with the rejection of the bounced mail. Mailing list went nuts? >> My goal was to add spam demerits for that 'race' of MTA (above) >> >> CAVEAT: in my environment, and perhaps no other, it has always and only been >> used to send very obvious UCE or phish. >> > I've seen PowerMTA in a lot of spam that's trying to pass off as ok, but > it's also used by a few people in the travel industry so I can't be very > abusive towards. >> But .. on the way to the theatre, both my original post and your reply post >> were >> whacked with outrageous SA scores and shunted off to a quarantine folder. >> >> Headers appear to show THREE passes thru SA at various points, scores >> ranging >> from a high positive to a higher-then-average negative, and a third score in >> the >> middle. >> >> Given the rather innocent message content, it looks as if at least one of us >> is >> already filtering on that very string - the one naming the MTA. >> >> I don't see any other content that is out of the ordinary. >> >> Relevant headers from my post and your reply below. >> >> > On my post, I'm guessing mxa.outb is adding the -4.1, tahini is adding > the 1.4 and you're adding the 4.0. The first header is my MUA not an MTA > even though my rDNS is setup for a mail server. I got that setup and > then never moved my outbound host ;) > > The weird this is the URIBL and URIBL_PH_SURBL hits ... what did I send > again?? > > X-Spam-Status: No, score=1.4 required=5.0 tests=AWL=-3.000, BAYES_00=-1.5, > FORGED_RCVD_HELO=0.135, URIBL_BLACK=3, > URIBL_PH_SURBL=2.8 autolearn=no version=3.1.8 > > > !!!!!!! 131.111.8.0/24 is black listed from queries to URIBL public > mirrors !!!!!!!!!!!! > > I'm guessing that might explain the whack scores. > >
Perhaps odder yet - my SA applied the highest score, yet is has Bayes OFF and if it has started doing any form of RBL, I've got to have a go at it and see what the upgrades have dragged in under the radar. Did see a mention of filtering for PowerMTA in the SA list, but haven't seen any code yet. DATA is 'too late' to block on that - I don't want the message on board. .. and 'travel industry'? If there is anything left of it after TSA and volcanic ash disruptions, they can use a more polite MTA - else pack it in, retrain as parasites and run for public office. Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
