Rule Advice

Wed, 13 Jul 2005 12:52:35 -0700

We're working with someone who has a domain that starts with a number: 360skincare.com. So it gets bit by FROM_STARTS_WITH_NUMS. I also see some for suspicious hostname.
A little more background: the sender appears to come from pacbell.net isp and using a webmail client. 


Are these "suspicious hostname" entries appearing because the  
hostname starts with a number? Any other advice on these headers to  
help the user not appear as sending spam? I suspect they are out of  
luck for the bl rules if pacbell is on a block list.


Here are the full headers (since upgraded to 3.0.4):


From: [EMAIL PROTECTED]
Date: July 9, 2005 2:00:29 PM MST
To: [EMAIL PROTECTED]
Subject: Re: here you go
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]

Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29  
-0000
Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul  
2005 21:00:29 -0000
Received: from adsl-64-165-17-127.dsl.sndg02.pacbell.net  
(adsl-64-165-17-127.dsl.sndg02.pacbell.net [64.165.17.127])  by  
webmail.360skincare.com (IMP) with HTTP  for  
<[EMAIL PROTECTED]@localhost>; Sat,  9 Jul 2005 17:00:29 -0400

Message-Id: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.3
X-Originating-Ip: 64.165.17.127
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hidden2
X-Spam-Level: *******

X-Spam-Status: Yes, score=7.5 required=5.0  
tests=FROM_STARTS_WITH_NUMS,  
HELO_DYNAMIC_DHCP,HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR,  
RCVD_IN_NJABL_DUL autolearn=no version=3.0.3
X-Spam-Report: *  0.1 HELO_DYNAMIC_DHCP Relay HELO'd using  
suspicious hostname (DHCP) *  1.5 HELO_DYNAMIC_HCC Relay HELO'd  
using suspicious hostname (HCC) *  2.8 HELO_DYNAMIC_IPADDR Relay  
HELO'd using suspicious hostname (IP addr 1) *  1.5  
FROM_STARTS_WITH_NUMS From: starts with nums *  1.7  
RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP  
*      [64.165.17.127 listed in combined.njabl.org]






















					Reply via email to