> > >I guess you are confused by my message and I am confused by yours. Allow me to clarify.
Oops, did not notice jpg attachment. Better to post just text.

>I have 3 lines of defense and the 2 main ones have failed. The SPAM messages are
> undetected. You tell me that the best way to treat spam is to reject it but
> all my attempts to detect this particular instance, let alone reject it have
> been unsuccessful.

Yes these are not correct (anymore? I guess their infrastructure changed?)

[@ files]$ dig +short jiveon.jivesoftware.com
sendgrid.net.
167.89.123.54
167.89.115.56
[@ files]$ dig +short -x 167.89.123.54
o16789123x54.outbound-mail.sendgrid.net.

The specific range of sendgrid looks like this[1]. So now you know they use sendgrid and probably have access to a 'limited' dynamic ip range. Now you can decide to reject email coming from (the whole of) sendgrid.

I have created an email address and ip white list. So if someone legitimate complains, I can allow that specific email address or ip to go through.

If sendgrid is getting smarter in the future you will have problems blocking just on sendgrid.net. Mailgun already switched to something like this[2]. Some spammers even change their reverse lookup just before sending. Then you have to fall back on e.g. ip blacklisting.

I am currently thinking about doing an asn lookup. As you can see these return the same id for different reverse configured ips of mailgun.

[@ ~]# dig +short -t txt 40.151.61.209.origin.asn.cymru.com
"33070 | 209.61.128.0/19 | US | arin | 2000-06-05"
[@ ~]# dig +short -t txt 41.151.61.209.origin.asn.cymru.com
"33070 | 209.61.128.0/19 | US | arin | 2000-06-05"
[@ ~]# dig +short -t txt 42.151.61.209.origin.asn.cymru.com
"33070 | 209.61.128.0/19 | US | arin | 2000-06-05"
[@ ~]# dig +short -t txt 43.151.61.209.origin.asn.cymru.com

Maybe also forget about the access map and switch to something like mailfromd. I think you can even reject the message with it after you analyzed the whole message body.

>Line of Defense No. 1:
>The sendmail 'access' file seen below. For over a year only one statement was
> sufficient, as you can see now I have 11 and they all fail.

Things change (fast)

>
>Line of Defense No. 2:
>Spamassassin. I have submitted over a thousand messages as follows:
>
>% sa-learn --spam --mbox Mail/Junk
>
>Unfortunately, that command has never been able to increase the score
> of the messages.
>
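The ASN lookup idea from the message above, as an added example that is not part of the original post: it builds the origin.asn.cymru.com query name, parses the TXT answer format shown in the dig output, and lets a whitelist override an ASN block. The function names, the choice to block AS33070 and the whitelist entries are assumptions made for illustration; the answers are embedded so it runs without DNS.

```python
import ipaddress

ZONE = "origin.asn.cymru.com"

def cymru_query_name(ip):
    """TXT query name: IPv4 octets reversed under the Team Cymru origin zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + ZONE

def parse_origin_txt(txt):
    """Parse 'ASN | prefix | CC | registry | date' as printed by dig +short."""
    fields = [f.strip() for f in txt.strip().strip('"').split("|")]
    if len(fields) != 5:
        raise ValueError("unexpected origin record: %r" % txt)
    return {
        "asns": [int(a) for a in fields[0].split()],  # tolerates several ASNs
        "prefix": ipaddress.ip_network(fields[1]),
        "cc": fields[2], "registry": fields[3], "allocated": fields[4],
    }

def decide(client_ip, sender, txt, blocked_asns, allow_ips, allow_senders):
    """Return 'OK', 'REJECT' or 'DUNNO' for one SMTP client."""
    if client_ip in allow_ips or sender.lower() in allow_senders:
        return "OK"                            # whitelist wins over the ASN block
    if not txt:
        return "DUNNO"                         # lookup failed: no data, no reject
    try:
        rec = parse_origin_txt(txt)
    except ValueError:
        return "DUNNO"                         # malformed or non-numeric answer
    if ipaddress.ip_address(client_ip) not in rec["prefix"]:
        return "DUNNO"                         # answer does not cover this client
    return "REJECT" if blocked_asns & set(rec["asns"]) else "DUNNO"

# Answers copied from the dig output in the message; None = no answer shown there.
ANSWER = '"33070 | 209.61.128.0/19 | US | arin | 2000-06-05"'
LOOKUPS = {"209.61.151.40": ANSWER, "209.61.151.41": ANSWER,
           "209.61.151.42": ANSWER, "209.61.151.43": None}
BLOCKED = {33070}                        # assumption: local policy blocks this ASN
ALLOW_IPS = {"209.61.151.41"}            # constructed whitelist entry
ALLOW_SENDERS = {"billing@example.org"}  # constructed whitelist entry

def run_samples():
    return {ip: decide(ip, "news@example.net", txt, BLOCKED, ALLOW_IPS, ALLOW_SENDERS)
            for ip, txt in LOOKUPS.items()}

if __name__ == "__main__":
    for ip, verdict in run_samples().items():
        print(cymru_query_name(ip), verdict)
```

In a live filter the TXT answer would come from a resolver call instead of the embedded table, and the verdict would be mapped onto whatever the milter or policy hook expects.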