Apache.org spam??
I recently got this spam that made its way thru SpamAssassin: http://pastebin.ca/1474274 Looks like it was received from mail.apache.org which is in the DNSWL.org DB, unsurprisingly. Why would mail.apache.org send out this obvious spam? Best regards, Jeremy Morton (Jez)
Re: Apache.org spam??
To reply to myself I guess that was sent to the spamassassin.apache.org list and the list was BCC'd so it didn't get put into my list folder. Ah well. Best regards, Jeremy Morton (Jez) Jeremy Morton wrote: I recently got this spam that made its way thru SpamAssassin: http://pastebin.ca/1474274 Looks like it was received from mail.apache.org which is in the DNSWL.org DB, unsurprisingly. Why would mail.apache.org send out this obvious spam? Best regards, Jeremy Morton (Jez)
Re: Apache.org spam??
On Thu, June 25, 2009 17:10, Jeremy Morton wrote: Looks like it was received from mail.apache.org which is in the DNSWL.org DB, unsurprisingly. Why would mail.apache.org send out this obvious spam? blame mozilla thunderbird for the resent headers, the problem is that one user release something in there quarantine and spammed forged headers -- xpoint
Re: Apache.org spam??
On Thu, June 25, 2009 17:20, Jeremy Morton wrote: I guess that was sent to the spamassassin.apache.org list and the list was BCC'd so it didn't get put into my list folder. Ah well. with sieve: if header :contains List-Id users.spamassassin.apache.org { fileinto maillists.spamassassin; stop; } -- xpoint
Re: Apache.org spam??
At 08:10 25-06-2009, Jeremy Morton wrote: I recently got this spam that made its way thru SpamAssassin: [non-persistent information snipped] Looks like it was received from mail.apache.org which is in the DNSWL.org DB, unsurprisingly. Why would mail.apache.org send out this obvious spam? The message was sent by a mailing list subscriber to a list which generally discusses about spam. It scored 4.0 on Apache.org. Why is the message obvious spam? What rules would you recommend to catch it? Regards, -sm
Re: Apache.org spam??
On Thu, June 25, 2009 17:56, SM wrote: What rules would you recommend to catch it? something as this on apache.org: header __RESENT1 exists:Resent-From header __RESENT2 exists:Resent-To header __RESENT3 exists:Resent-Date header __RESENT4 exists:Resent-Message-Id meta NO_RESENT_MAIL (__RESENT1 __RESENT2 __RESENT3 __RESENT4) describe NO_RESENT_MAIL Meta: please dont resend mail to maillists score NO_RESENT_MAIL 3.0 if i cant fix others problems but imho apache.org need the above :) -- xpoint
Re: Apache.org spam??
At 09:13 25-06-2009, Benny Pedersen wrote: something as this on apache.org: header __RESENT1 exists:Resent-From header __RESENT2 exists:Resent-To header __RESENT3 exists:Resent-Date header __RESENT4 exists:Resent-Message-Id meta NO_RESENT_MAIL (__RESENT1 __RESENT2 __RESENT3 __RESENT4) describe NO_RESENT_MAIL Meta: please dont resend mail to maillists score NO_RESENT_MAIL 3.0 if i cant fix others problems but imho apache.org need the above :) Nice. The above rules cannot be applied for all apache.org traffic as it's not only for mailing lists. Regards, -sm
Re: Apache.org spam??
On Thu, 25 Jun 2009, SM wrote: At 09:13 25-06-2009, Benny Pedersen wrote: something as this on apache.org: header __RESENT1 exists:Resent-From header __RESENT2 exists:Resent-To header __RESENT3 exists:Resent-Date header __RESENT4 exists:Resent-Message-Id meta NO_RESENT_MAIL (__RESENT1 __RESENT2 __RESENT3 __RESENT4) describe NO_RESENT_MAIL Meta: please dont resend mail to maillists score NO_RESENT_MAIL 3.0 if i cant fix others problems but imho apache.org need the above :) Nice. The above rules cannot be applied for all apache.org traffic as it's not only for mailing lists. I point out that I've had legitimate reason in the past to resend messages to the SA list. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Phobias should not be the basis for laws. --- 9 days until the 233rd anniversary of the Declaration of Independence
Re: Apache.org spam??
On Thu, June 25, 2009 19:48, John Hardin wrote: I point out that I've had legitimate reason in the past to resend messages to the SA list. test my rules better, will it hit a resend from you ? :) well repost is not a resend, so it might still not hit -- xpoint