Greetings.

In article <[EMAIL PROTECTED]>, Matt Kettler wrote:
>> Nonetheless, there's one
>> particular kind of spam lately that always seems to slip through; it
>> consists of a bunch of random words plus a graphic attachment. The
>> graphic is usually a page of text advertising something -- almost always
>> a stock, though I've had a few penis-enlargement product ads. See
>> <http://www.dfki.uni-kl.de/~miller/tmp/stock_spam.txt> for some examples
>> (mbox format).
>
> Tristan.. Have you correctly configured your trusted_networks?

Nope. I wasn't aware I had to. I've since added some IP ranges from my mail hosts.

> The first message in that example SHOULD have triggered
> RCVD_IN_NJABL_DUL and RCVD_IN_SORBS_DUL.
>
> As per this header:
>
> Received: from M696P000.adsl.highway.telekom.at
>   (M696P000.adsl.highway.telekom.at [62.47.246.224])
>   by mail.dfki.de (Postfix) with SMTP id 90E26E4918
>   for <[EMAIL PROTECTED]>; Sun, 2 Apr 2006 00:22:49 +0200 (CEST)
>
> But for some reason the header not parsing or trust path is broken
> somewhere and SA thinks that 62.47.246.224 is internal.
>
> You might want to run the message through spamassassin with debugging
> enabled and see what it has to say about the Received: parsing.

Here's what I get. I'm surprised that it says DNS is not available. Could this be why it's not triggering RCVD_IN_NJABL_DUL and RCVD_IN_SORBS_DUL? I'm connected to the network and don't have "dns_available no" set anywhere, so I don't know why it says DNS is not available.

debug: received-header: parsed as [ ip=127.0.0.1 rdns=localhost helo=localhost by=linux.range81-129.btcentralplus.com ident= envfrom= intl=0 id=9CC8E9B5B7 auth= ]
debug: found fetchmail marker, restarting parse
debug: received-header: parsed as [ ip=192.168.41.254 rdns=gate-4114 helo=dfki-2203.dfki.uni-kl.de by=serv-4100.kl.dfki.de ident= envfrom= intl=0 id=k31MMqeo017567 auth= ]
debug: received-header: parsed as [ ip=192.168.22.192 rdns=isg-2202.kl.dfki.de helo=mailgate2.uni-kl.de by=dfki-2203.dfki.uni-kl.de ident= envfrom= intl=0 id=k31MMq308763 auth= ]
debug: received-header: parsed as [ ip=134.96.188.26 rdns=corp-206.dfki.uni-sb.de helo=mail.dfki.de by=mailgate2.uni-kl.de ident= envfrom= intl=0 id=k31MMpkw032254 auth= ]
debug: received-header: parsed as [ ip=127.0.0.1 rdns=localhost.dfki.uni-sb.de helo=mail.dfki.de by=localhost ident= envfrom= intl=0 id=20DC0E4952 auth= ]
debug: received-header: parsed as [ ip=62.47.246.224 rdns=M696P000.adsl.highway.telekom.at helo=M696P000.adsl.highway.telekom.at by=mail.dfki.de ident= envfrom= intl=0 id=90E26E4918 auth= ]
debug: is DNS available? 0
debug: received-header: parsed as [ ip=192.168.4.59 rdns= helo=vca by=M696P000.adsl.highway.telekom.at ident= envfrom= intl=0 id=1FPoWo-0005g8-Ka auth= ]
debug: received-header: relay 192.168.41.254 trusted? yes internal? no
debug: received-header: relay 192.168.22.192 trusted? yes internal? no
debug: received-header: relay 134.96.188.26 trusted? yes internal? no
debug: received-header: relay 127.0.0.1 trusted? yes internal? no
debug: received-header: relay 62.47.246.224 trusted? no internal? no
debug: received-header: relay 192.168.4.59 trusted? no internal? no

> Also I would *STRONGLY* suggest you upgrade your SA when you get a
> chance. SA 3.0.4 has some pretty major bugs (including a DoS) that are
> fixed in 3.0.5, and lacks some important features present in 3.1.0 and
> 3.1.1.

I have two machines, one running SuSE 9.3 and the other running SuSE 10.0. SuSE hasn't made RPMs for SA>3.0.4 available yet. I suppose I could install 3.1.1 manually, but I like being able to use apt4rpm for automatic updates.

Regards,
Tristan

-- 
   _
  _V.-o  Tristan Miller [en,(fr,de,ia)]  ><  Space is limited
 / |`-'  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  <>  In a haiku, so it's hard
(7_\\    http://www.nothingisreal.com/   ><  To finish what you
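
A triage helper for the debug output in the message above, added here as an example and not part of the original post or of SpamAssassin itself: it reads the DNS and relay lines copied from that output and reports the first untrusted relay and whether DNS was reported unavailable. The function name summarize and the report fields are made up for this illustration.

```python
import ipaddress
import re

# DNS and relay lines copied, in order, from the debug output in the post.
DEBUG_LOG = """\
debug: is DNS available? 0
debug: received-header: relay 192.168.41.254 trusted? yes internal? no
debug: received-header: relay 192.168.22.192 trusted? yes internal? no
debug: received-header: relay 134.96.188.26 trusted? yes internal? no
debug: received-header: relay 127.0.0.1 trusted? yes internal? no
debug: received-header: relay 62.47.246.224 trusted? no internal? no
debug: received-header: relay 192.168.4.59 trusted? no internal? no
"""

RELAY_RE = re.compile(
    r"received-header: relay (\S+) trusted\? (yes|no) internal\? (yes|no)")
DNS_RE = re.compile(r"is DNS available\? (\d)")


def summarize(log):
    """Return the DNS flag, the relay chain and the trust-boundary relay."""
    relays, dns = [], None
    for line in log.splitlines():
        m = DNS_RE.search(line)
        if m:
            dns = m.group(1) == "1"
            continue
        m = RELAY_RE.search(line)
        if m:
            ip = ipaddress.ip_address(m.group(1))
            relays.append({"ip": str(ip), "trusted": m.group(2) == "yes",
                           "internal": m.group(3) == "yes",
                           "private": ip.is_private})
    # In this output relays are listed newest first, so the first untrusted
    # entry is the host that handed the message to the trusted chain.
    boundary = next((r for r in relays if not r["trusted"]), None)
    notes = []
    if dns is False:
        notes.append("DNS reported unavailable: DNS blocklist rules are skipped")
    if boundary and boundary["private"]:
        notes.append("boundary relay is a private address: check trust path")
    return {"dns": dns, "relays": relays, "boundary": boundary, "notes": notes}


if __name__ == "__main__":
    report = summarize(DEBUG_LOG)
    print("DNS available:", report["dns"])
    print("first untrusted relay:", report["boundary"]["ip"])
    print("notes:", report["notes"])
```

On the output above it shows the trust boundary now falls at 62.47.246.224, so the remaining problem is the DNS check rather than the trust path.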