Anshul Chauhan wrote:
> Below is the mail header for one of the mails in which to & from id is same
>
> From u...@mydomain.com Sat Jun 6 12:41:57 2009
> Return-Path: <u...@mydomain.com>
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
>     mailserver1.mydomain.com
> X-Spam-Level: ****
> X-Spam-Status: No, score=4.4 required=5.0
>     tests=HTML_FONT_SIZE_HUGE,HTML_IMAGE_ONLY_24,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_DYNAMIC
>     shortcircuit=no autolearn=no version=3.2.5
> Received: from ABTS-KK-dynamic-136.34.172.122.airtelbroadband.in
>     (ABTS-KK-dynamic-026.159.172.122.airtelbroadband.in [122.172.159.26] (may be forged))
>     by mailserver1.mydomain.com (8.13.1/8.13.1) with ESMTP id n567Ban7019772
>     for <u...@mydomain.com>; Sat, 6 Jun 2009 12:41:42 +0530
> Date: Sat, 6 Jun 2009 12:41:42 +0530
> Message-ID: <618687839783948.slilovsyitpo...@abts-kk-dynamic-136.34.172.122.airtelbroadband.in>
> From: "Lauran" <u...@mydomain.com>
> To: u...@mydomain.com
> Subject: Video Bush's accident
> MIME-Version: 1.0
> Content-Type: text/html; charset="ISO-8859-1"
> Content-Transfer-Encoding: 7bit
> X-Virus-Scanned: ClamAV 0.94.2/9433/Sat Jun 6 02:49:42 2009 on
>     mailserver1.mydomain.com
> X-Virus-Status: Clean
> X-Logged: Logged by mailserver1.mydomain.com as n567Ban7019772 at Sat Jun 6 12:41:42 2009
>
> Warm Regards,
> Anshul Chauhan
> "Dream is not what you see while sleep, it's the thing that does not let you sleep."
>
> On Sat, Jun 6, 2009 at 4:04 PM, ram <r...@netcore.co.in> wrote:
>
>     On Sat, 2009-06-06 at 02:55 -0700, chauhananshul wrote:
>     > I'm getting a lot of mails daily in which to & from addresses are same &
>     > spamassassin is not able to stop them. I'm using spamassassin-3.2.5-1.el4.rf
>     > CentOS4.7 with sendmail. I've increased the score to 4 from default 5 but
>     > still it's not catching them.
>     >
>     > How can I make spamassassin catch these mails?
>
>     Please post a sample (full mail source including headers) on some
>     pastebin and post the link here

Looks like your mailserver is accepting relay with an account from your domain without auth. Why?

After all, it's easy to reject mail from *dynamic* reverse ipaddr, and I am nearly sure that you will find the IP in several RBLs as well. You might filter with clam and sanesecurity and use greylisting etc.; that all can be done before passing mail to spamassassin.

The score is near to mark, so I would say give a little more priors to RDNS_DYNAMIC and/or use more rules. Looks like image spam, fuzzy ocr may help etc., but as I said there is a lot you should and can do before accepting such mails on smtp income level.

--
Best Regards
MfG Robert Schetterer

Germany/Munich/Bavaria
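
The conditions discussed in this thread (sender address equal to the recipient, a local-domain sender with no SMTP AUTH, a dynamic reverse-DNS client), checked over a message's headers; this is an added example, not part of the original thread. The sample message, the `example.org` names, the dynamic-hostname regex and the assumption that the MTA marks SMTP AUTH with the word "authenticated" in its Received header are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread
# (addresses, hostnames and the IP are placeholders).
SAMPLE = """\
Return-Path: <user@example.org>
Received: from dyn-136.34.172.122.isp.example (dyn-026.159.172.122.isp.example
\t[192.0.2.26] (may be forged))
\tby mail.example.org (8.13.1/8.13.1) with ESMTP id n567Ban7019772
\tfor <user@example.org>; Sat, 6 Jun 2009 12:41:42 +0530
From: "Lauran" <user@example.org>
To: user@example.org
Subject: constructed sample

body
"""

# Assumption: a hostname containing "dynamic"-style words or embedded IP octets
# counts as dynamic rDNS. This is a heuristic, not SpamAssassin's RDNS_DYNAMIC.
DYNAMIC_RE = re.compile(r"dyn|dynamic|dsl|pool|broadband|(\d{1,3}[.-]){3}\d{1,3}", re.I)

def analyze(raw, local_domain):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    # The topmost Received header is the one written by our own MTA;
    # unfold it so the regex sees a single line.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.match(r"from\s+\S+\s+\((\S+)", received)
    rdns = m.group(1) if m else ""
    return {
        "from_equals_to": bool(sender) and sender == rcpt,
        "claims_local_domain": sender.endswith("@" + local_domain),
        # Assumption: SMTP AUTH shows up as "authenticated" in Received.
        "authenticated": "authenticated" in received.lower(),
        "client_rdns": rdns,
        "dynamic_rdns": bool(DYNAMIC_RE.search(rdns)),
        "forged_helo": "may be forged" in received.lower(),
    }

def should_reject(f):
    # Local sender address, no SMTP AUTH, dynamic client: refuse at SMTP time.
    return f["claims_local_domain"] and not f["authenticated"] and f["dynamic_rdns"]
```

A message from an authenticated user of the local domain passes `should_reject` even when it comes from a dynamic address, which is the case a blanket "From equals To" rule would get wrong.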