Re: Facebook notifications sent from dynamic address
On Oct 7, 2019, at 11:35 AM, Kris Deugau wrote: > So tempting to let my inner BOFH out and just convert those to blacklist_from > entries instead though… So, so tempting! -- "A synonym is a word you use when you can't spell the word you first thought of." - Burt Bacharach
Re: Facebook notifications sent from dynamic address
On Sat, 05 Oct 2019 07:05:29 -0700 Kenneth Porter wrote: > (Nothing wrong with SA. Just an FYI about a popular service that > abuses the Internet and SA catches it.) I'd say it is SA's fault, the helo is: 66-220-155-138.mail-mail.facebook.com which is clearly not a dynamic address because of the .mail-mail. label. __HELO_DYNAMIC_IPADDR2 has an exception for [-.]static[-.], but nothing else. By contrast the default for the Botnet plugin is/was: botnet_serverwords e?mail(out)? mta mx(pool)? relay smtp botnet_serverwords static
Re: Facebook notifications sent from dynamic address
Kenneth Porter wrote: (Nothing wrong with SA. Just an FYI about a popular service that abuses the Internet and SA catches it.) I noticed one of my notifications from Facebook today got tagged by SA. Here's the two that put it over: 3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server [66.220.155.138 listed in dnsbl.sorbs.net] Here's the offending header: Received: from 66-220-155-138.mail-mail.facebook.com (66-220-155-138.mail-mail.facebook.com [66.220.155.138]) So who do I bitch at? I've never found any good way to complain to Facebook. I long ago sighed and globally whitelisted as many generic Facebook sending channels as I could find because of lunacy like this. whitelist_from_rcvd *@facebookmail.com .tfbnw.com whitelist_from_rcvd *@facebookmail.com .facebook.com whitelist_from_rcvd *@facebookappmail.com .tfbnw.com whitelist_from_rcvd *@facebookappmail.com .facebook.com whitelist_from_dkim *@facebookmail.com whitelist_from_dkim *@mail.instagram.com So tempting to let my inner BOFH out and just convert those to blacklist_from entries instead though... Of course, having whitelisted them we now have a couple of customers who routinely report various Facebook email notices as spam. -kgd
Re: Facebook notifications sent from dynamic address
I noticed the same thing this morning. This is new for me as of yesterday. They appear legit, but they get caught up in my filters for the dyn ip "appearance". From: Kenneth Porter Sent: Saturday, October 5, 2019 10:05 AM To: users@spamassassin.apache.org Subject: Facebook notifications sent from dynamic address (Nothing wrong with SA. Just an FYI about a popular service that abuses the Internet and SA catches it.) I noticed one of my notifications from Facebook today got tagged by SA. Here's the two that put it over: 3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server [66.220.155.138 listed in dnsbl.sorbs.net] Here's the offending header: Received: from 66-220-155-138.mail-mail.facebook.com (66-220-155-138.mail-mail.facebook.com [66.220.155.138]) So who do I bitch at? I've never found any good way to complain to Facebook.
Facebook notifications sent from dynamic address
(Nothing wrong with SA. Just an FYI about a popular service that abuses the Internet and SA catches it.) I noticed one of my notifications from Facebook today got tagged by SA. Here's the two that put it over: 3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server [66.220.155.138 listed in dnsbl.sorbs.net] Here's the offending header: Received: from 66-220-155-138.mail-mail.facebook.com (66-220-155-138.mail-mail.facebook.com [66.220.155.138]) So who do I bitch at? I've never found any good way to complain to Facebook.
