2010/10/12 Karsten Bräckelmann <guent...@rudersport.de>:
> On Tue, 2010-10-12 at 10:32 -1000, Julian Yap wrote:
>> NOTE: I changed the domains below to 'dot info' as the mailing list
>> rejected my initial submission.
>>
>> I'm pretty sure it's not just me but there is some constant spamming
>> from dot info domains. Perhaps for the past 2 months or so.
>>
>> Often they send hundreds per day and consistently from the same IPs.
>>
>> Are people using automated IP blacklists or something like that?
>
> Yes. SA even uses them by default.
>
> What do your SA rules triggered look like? Check your identified spam.
> Do you see RCVD_IN_* rules?
>
> If not, you are having DNS problems, or deliberately disabled those
> network checks.

Many of them don't trigger the RCVD_IN_* rules.

Does anyone implement their own private DNS black list?

Here's the latest one:

From: "Juice Up My Income" <a...@parkrasive dot info>
Subject: Sometimes timing is everything
Date Received: Oct 12, 2010 13:43 PM

Rules triggered:

 7.9 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 1.2 HOST_EQ_STATIC         HOST_EQ_STATIC
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.3 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.5 MY_OBFUX               RAW: X with unusual chars
 0.3 MY_OBFU_MISC           RAW: Misc unusual chars together
 0.3 HOST_MISMATCH_COM      HOST_MISMATCH_COM
 0.3 MIME_8BIT_HEADER       Message header contains 8-bit character
 1.4 HELO_MISMATCH_INFO     HELO_MISMATCH_INFO
 0.0 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
 0.0 T_REMOTE_IMAGE         Message contains an external image
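
The check asked for in the quoted reply ("Do you see RCVD_IN_* rules?"), as an added example that is not part of the original thread: a Python parser for the report lines above that totals the score and reports whether any DNSBL rule fired. The function names `parse_report` and `dnsbl_check` are hypothetical, chosen for this example.

```python
import re

# Rule lines from the report in the message above (SpamAssassin report layout).
REPORT = """\
 7.9 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 1.2 HOST_EQ_STATIC         HOST_EQ_STATIC
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.3 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.5 MY_OBFUX               RAW: X with unusual chars
 0.3 MY_OBFU_MISC           RAW: Misc unusual chars together
 0.3 HOST_MISMATCH_COM      HOST_MISMATCH_COM
 0.3 MIME_8BIT_HEADER       Message header contains 8-bit character
 1.4 HELO_MISMATCH_INFO     HELO_MISMATCH_INFO
 0.0 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
 0.0 T_REMOTE_IMAGE         Message contains an external image
"""

# Groups: score, rule name, description.
RULE_LINE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z_][A-Z0-9_]*)\s+(.*)$")


def parse_report(text):
    """Return [(score, rule, description), ...] from report lines."""
    hits = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits.append([float(m.group(1)), m.group(2), m.group(3).strip()])
        elif line.strip() and hits:
            # Wrapped description, e.g. "[score: 1.0000]" under BAYES_99.
            hits[-1][2] += " " + line.strip()
    return [tuple(h) for h in hits]


def dnsbl_check(hits):
    """Summarise the hits and say whether any RCVD_IN_* (DNSBL) rule fired."""
    dnsbl = [rule for _, rule, _ in hits if rule.startswith("RCVD_IN_")]
    top = max(hits, key=lambda h: h[0])
    return {
        "total": round(sum(score for score, _, _ in hits), 1),
        "top_rule": top[1],
        "dnsbl_hits": dnsbl,
        "check_network_tests": not dnsbl,  # nothing fired: verify DNS and network tests
    }


if __name__ == "__main__":
    print(dnsbl_check(parse_report(REPORT)))
```

For this report the result shows no RCVD_IN_* hit and BAYES_99 carrying most of the score. An empty `dnsbl_hits` on a single message can also mean the relay is simply not listed, so the flag is a prompt to check, not a diagnosis.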