From: Marc Perkel [mailto:[EMAIL PROTECTED] Bret Miller wrote:
Bret Miller wrote:
* 127.0.0.1 - whilelist - trusted nonspam
* 127.0.0.2 - blacklist - block spam
* 127.0.0.3 - yellowlist - mix of spam
and nonspam
* 127.0.0.4 - brownlist - all spam - but
not yet enough
to blacklist
And hotmail.com warrants being blacklisted?? Ouch.
I do like the idea of white and yellow lists. If I
could just get
CommuniGate to add the ability to use it...
Hotmail would be yellow listed.
My headers say RCVD_IN_JMF_BL, the rule says:
header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF', '127.0.0.2')
describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK
tflags RCVD_IN_JMF_BL net
score RCVD_IN_JMF_BL 1.0
And here are the headers:
X-Spam-Tests: tests=AWL=0.782,BAYES_00=-2.599,EXTRA_MPART_TYPE=1,
FH_RELAY_NODNS=1.451,HTML_MESSAGE=0.001,PART_CID_STOCK=1.635,RCVD_IN_JMF_B
L=
1,
RCVD_IN_MXRATE_WL=-2,RDNS_NONE=0.1,T_TVD_FW_GRAPHIC_ID1=0.01;autolearn=no
X-Spam-Score: 1.4
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on mail.hq.wcg.org
X-Spam-Level: +
X-TFF-CGPSA-Version: 1.6a5
X-WCG-CGPSA-Filter: Scanned
Return-Path: <mailto:[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Received: from [65.54.246.239] (HELO bay0-omc3-s39.bay0.hotmail.com)
by mail.wcg.org (CommuniGate Pro SMTP 5.1.11)
with ESMTP id 22324864 for [EMAIL PROTECTED]; Mon, 27 Aug 2007 11:29:31 -0700
Received: from hotmail.com ([65.55.130.13]) by
bay0-omc3-s39.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Mon, 27 Aug 2007 11:29:16 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Mon, 27 Aug 2007 11:29:15 -0700
Message-ID: <mailto:[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Received: from 71.110.94.199 by BAY125-DAV3.phx.gbl with DAV;
Mon, 27 Aug 2007 18:29:10 +0000
X-Originating-IP: [71.110.94.199]
X-Originating-Email: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
From: " Common Ground" <mailto:[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
To: <xxxx>
Subject: Back to School Blessings
Date: Mon, 27 Aug 2007 11:29:09 -0700
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0023_01C7E89D.7C72B430";
type="multipart/alternative"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-OriginalArrivalTime: 27 Aug 2007 18:29:15.0665 (UTC)
FILETIME=[2C450810:01C7E8D8]
Return-Path: [EMAIL PROTECTED]
To me, this equals hotmail is on the black list.
Bret
Something is odd. That IP isn't in any of my lists.
Indeed. The problem is the rule, not the list. The check looks back at
all IPs in the path, including the X-Originating-IP headers. So, "[2860]
dbg: dns: hit <dns:199.94.110.71.hostkarma.junkemailfilter.com> 127.0.0.2"
is what SA says is the problem. I guess I need to look at fixing it so it
scans only the last external...
Bret
I did some experimenting a while back looking at all the received IP
addresses and got too many false positives. I had to give up on the idea
because it didn't work.
OK... but the rules you supplied for SpamAssassin did exactly that-- they
looked back at all the received headers and X-Original-IP and tested them
against the lists. Add a -lastexternal to the set name to get only the
last IP outside your network.
Bret
smime.p7s
Description: S/MIME cryptographic signature
