Re: Is there any way to score this?
Micke Andersson wrote:
> excuse me for my ignorance, but is this really the correct approach right now, since there are quite a lot of badly configured DNS servers out there. Should this not be handled by the SMTP server as is instead! And return an error code of 421 or something like this. Like AOL has implemented at their servers, you will be informed as sender about the problem, with a URL link to http://postmaster.info.aol.com/errors/421dnsnr.html

Whatever opinions you may have about AOL, when they began rejecting mail without reverse-DNS entries a few years back, AOL's sheer size forced mail admins to make sure that their servers have both forward and reverse lookups enabled. Heck, even random cable/DSL hosts usually have reverse lookups configured, usually something like 123-123-123-123.someisp.com. Most of the mail I see coming from servers without reverse-resolution is spam, usually from hosts in places like China.

Moreover, I'd much rather give such messages a relatively high SA score than reject them at the SMTP level. False positives in the SMTP exchange cause ill-will with clients and their correspondents.

> Or if one should have this above Rule, I myself would not for the time being, have that high of a score,

I give these messages a score of 3.3 with an SA criterion of 4.0; I get very few false positives.

Peter
Is there any way to score this?
Is there any way to get points added if the sending mail server has no PTR record (unknown [196.211.162.65])?

I am using Redhat Fedora and Spamassassin 3.1.2 and Postfix

    X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on SPAM1
    X-Spam-Level: **
    X-Spam-Status: No, score=3.0 required=4.9 tests=BAYES_50,EXTRA_MPART_TYPE,
        HTML_IMAGE_ONLY_28,HTML_MESSAGE autolearn=no version=3.1.2
    Received: from lyonop.com (unknown [196.211.162.65])

Thanks in advance

Robert

Peace he would say instead of goodbye
peace my brother.
RE: Is there any way to score this?
Robert Swan wrote:
> Is there any way to get points added if the sending mail server has no PTR record (unknown [196.211.162.65])?
>
> Received: from lyonop.com (unknown [196.211.162.65])

This is totally untested, but:

    header LOCAL_INVALID_PTR Received =~ /\(unknown /

This might be more robust:

    header LOCAL_INVALID_PTR Received =~ /from \S+ \(unknown /

Again, totally untested, so put them in with a score of 0.01 and watch them for a while before you rely on either one.
Re: Is there any way to score this?
Robert Swan wrote:
> Is there any way to get points added if the sending mail server has no PTR record *(unknown [196.211.162.65])?*
>
> I am using Redhat Fedora and Spamassassin 3.1.2 and Postfix

I was looking for the same thing some time ago, but I couldn't easily find a way to do that in SA. Instead I use the MTA (Exim) to add a header if the PTR is missing, and then I use SA to check against that header.

Perhaps there are better ways to do it.

--
Andreas
Re: Is there any way to score this?
On 10/13/06 17:12, Andreas Pettersson wrote:
> Robert Swan wrote:
> > Is there any way to get points added if the sending mail server has no PTR record *(unknown [196.211.162.65])?*
> >
> > I am using Redhat Fedora and Spamassassin 3.1.2 and Postfix

With a postfix mail gateway, I use a local SA rule like:

    Received =~ /from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+your\.smtp\.server\.desy/

Replace your.smtp.server by your server's name ...

Cheers,
wolfgang
Re: Is there any way to score this?
On 10/13/06 17:34, Wolfgang Zeikat wrote:
> Received =~ /from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+your\.smtp\.server\.desy/
>
> Replace your.smtp.server by your server's name ...

Oops, and leave out \.desy of course ;)
And - just to make sure - that's a header rule.

Cheers,
wolfgang
Re: Is there any way to score this?
James Lay wrote:
> -Original Message-
> From: Wolfgang Zeikat [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 13, 2006 9:49 AM
> To: users@spamassassin.apache.org
> Subject: Re: Is there any way to score this?
>
> On 10/13/06 17:34, Wolfgang Zeikat wrote:
> > Received =~ /from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+your\.smtp\.server\.desy/
> >
> > Replace your.smtp.server by your server's name ...
>
> Oops, and leave out \.desy of course ;)
> And - just to make sure - that's a header rule.
>
> Cheers,
> wolfgang
>
> So does:
>
> header UNKNOWN Received =~ /from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+mail\.slave-tothe-box\.net/
> score UNKNOWN 3
> describe UNKNOWN Unknown hosts
>
> Look about right?
>
> James

Hi all,
excuse me for my ignorance, but is this really the correct approach right now, since there are quite a lot of badly configured DNS servers out there. Should this not be handled by the SMTP server as is instead! And return an error code of 421 or something like this. Like AOL has implemented at their servers, you will be informed as sender about the problem, with a URL link to http://postmaster.info.aol.com/errors/421dnsnr.html

Or if one should have this above Rule, I myself would not for the time being, have that high of a score, check out your legitimate and non SPAM incoming mails, you will find tons of e-mail server IPs that are not registered with a good PTR.

And even further, if this test is done at SMTP server level, there will not be that much CPU-consuming processing to check if the sender is an unknown sender IP.

/Micke
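
Added example, not part of any post in this thread: a Python check of the three patterns proposed above against constructed Received header values, showing that only the pattern anchored on the receiving gateway's name ignores an "unknown" written by some other relay. The gateway name `mx.example.org` and the sample headers are assumptions made up for the test; only `lyonop.com (unknown [196.211.162.65])` comes from the thread.

```python
import re

# GATEWAY is a constructed host name standing in for "your.smtp.server".
GATEWAY = "mx.example.org"

# The patterns from the thread; this regex syntax reads the same in Perl and Python.
RULES = {
    "loose": re.compile(r"\(unknown "),
    "from_unknown": re.compile(r"from \S+ \(unknown "),
    "anchored": re.compile(
        r"from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)"
        r"\s+by\s+" + re.escape(GATEWAY)
    ),
}

# Constructed Received header values (folded the way an MTA writes them).
SAMPLES = {
    # Written by our own Postfix gateway: the connecting client had no PTR.
    "no_ptr_at_gateway": (
        "from lyonop.com (unknown [196.211.162.65])\n"
        "\tby mx.example.org (Postfix) with ESMTP id 0123456789"
    ),
    # Written by our own gateway: the client's reverse lookup succeeded.
    "ptr_ok_at_gateway": (
        "from mail.example.net (mail.example.net [192.0.2.10])\n"
        "\tby mx.example.org (Postfix) with ESMTP id 0123456790"
    ),
    # Written by another site's relay earlier in the path (for instance a
    # desktop submitting to its own mail server); not our gateway's lookup.
    "no_ptr_upstream": (
        "from desktop (unknown [10.1.2.3])\n"
        "\tby smtp.example.net (Postfix) with ESMTP id 0123456791"
    ),
}


def matches(header_value):
    """Return which of the thread's patterns fire on one Received value."""
    return {name: bool(rx.search(header_value)) for name, rx in RULES.items()}


def report():
    """Evaluate every constructed sample against every pattern."""
    return {label: matches(value) for label, value in SAMPLES.items()}


if __name__ == "__main__":
    for label, result in report().items():
        print(f"{label:20s} {result}")
```

The two unanchored patterns also fire on the upstream header, which is one source of the false positives discussed in the thread; the anchored pattern scores only what the local gateway itself recorded.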