On 2021-04-10 12:10 PM, Greg Troxel wrote:
Steve Dondley <s...@dondley.com> writes:
Here are the headers from some egregious spam. It scored a whopping
20.8 points despite being flagged with "RCVD_IN_DNSWL_HI."
Return-Path: <qp5cdmj-rf...@yahoo.co.jp>
Delivered-To: s...@example.com
Received: from email.example.com
by email.example.com with LMTP
id AnV2NSCZbmCTcQAAB604Gw
(envelope-from <qp5cdmj-rf...@yahoo.co.jp>)
for <s...@example.com>; Thu, 08 Apr 2021 01:48:16 -0400
Really? Those are the headers?
Yes. Why do you ask? Is it unusual that this egregious example of spam
is on DNSWL_HI?
So my advice again is:
Run spamassassin -t on the message so you see the metadata about the
rules like which IP hit and the per-rule score.
I've already done that on selective email messages.
If you got spam from a sender in DNSWL_HI, report it to dnswl.org.
Give them a week and see if they take the IP out, or what happens, and
tell us how it went.
I plan on it but first:
1) I want to verify with this list I don't have something misconfigured
before I report 300+ emails. From what I've read in the emails last
week, this would be highly unusual.
2) If I do have that many false positives, I need to figure out how to
bulk report that many of them.
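
Added example, not part of the original message: one way to act on the "spamassassin -t" advice across many messages is to parse each report and tally which relay IP triggered each RCVD_IN_DNSWL_* rule. The report text and the 192.0.2.25 address are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed, abridged sample of the rule table that `spamassassin -t`
# appends to a message. 192.0.2.25 is a documentation address.
SAMPLE_REPORT = """\
 pts rule name              description
---- ---------------------- --------------------------------------------------
-5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/,
                            high trust
                            [192.0.2.25 listed in list.dnswl.org]
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
"""

# A rule row starts with a signed decimal score followed by the rule name.
RULE_LINE = re.compile(r"^ {0,2}(-?\d+\.\d+)\s+([A-Za-z_][A-Za-z0-9_]*)\s+(.*)$")
# RBL rows carry the matched IP and DNS zone in square brackets.
LISTED = re.compile(r"\[(\S+) listed in (\S+)\]")

def parse_report(text):
    """Return one dict per rule hit: score, rule name, joined description."""
    hits, in_table = [], False
    for line in text.splitlines():
        if line.startswith("----"):        # dashed ruler marks start of the table
            in_table = True
        elif in_table:
            m = RULE_LINE.match(line)
            if m:
                hits.append({"score": float(m.group(1)), "rule": m.group(2),
                             "detail": m.group(3).strip()})
            elif hits and line.strip():    # wrapped description line
                hits[-1]["detail"] += " " + line.strip()
    return hits

def dnswl_hits(reports):
    """Count (rule, ip) pairs for RCVD_IN_DNSWL_* hits across many reports."""
    tally = Counter()
    for text in reports:
        for hit in parse_report(text):
            m = LISTED.search(hit["detail"])
            if hit["rule"].startswith("RCVD_IN_DNSWL_") and m:
                tally[(hit["rule"], m.group(1))] += 1
    return tally

if __name__ == "__main__":
    for (rule, ip), n in dnswl_hits([SAMPLE_REPORT, SAMPLE_REPORT]).most_common():
        print(f"{n:4d}  {rule:20s} {ip}")
```

A tally dominated by one or two IPs is a cue to check that those are the relays you expect before reporting in bulk.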