OK I continue to get this problem - lots of spam is coming through now with:
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
medium trust
I think it's likely to have something to do with me changing the
machine's hostname to ip.game-point.net because it started happening
just after that. Can anyone think of why this might have caused the
problem and how I can fix it?
--
Best regards,
Jeremy Morton (Jez)
On 24/05/2012 10:14, Jeremy Morton wrote:
I've gotten a lot of false positives coming into my inbox lately, and
the principle reason for most of them seems to be that they are matching
the following rule:
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
medium trust
I'm not sure why they're matching this rule, so I thought I'd ask you
guys to see whether you could figure it out. Here's a sample message
that made it through my spam filter, which is definitely spam (note that
I have it configured to attach X-Spam-Report to every message so I can
see why it was NOT marked as spam):
==================================================
From - Wed May 23 10:53:41 2012
X-Account-Key: account2
X-UIDL: UID308596-1160697276
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <n...@etisbew.com>
Envelope-to: bugzi...@game-point.net
Delivery-date: Wed, 23 May 2012 10:37:58 +0100
Received: from [59.94.13.26]
by ip.game-point.net with esmtp (Exim 4.69)
(envelope-from <n...@etisbew.com>)
id 1SX80z-0005qn-7r
for bugzi...@game-point.net; Wed, 23 May 2012 10:37:58 +0100
Received: from apache by etisbew.com with local (Exim 4.63)
(envelope-from <splashed...@realliving.com>)
id A10PD7-HLT0O1-68
for bugzi...@game-point.net; Wed, 23 May 2012 15:07:55 +0530
To: bugzi...@game-point.net
Subject: Good afternoon,
Date: Wed, 23 May 2012 15:07:55 +0530
From: "Stella Cotton" <n...@etisbew.com>
Message-ID: <74fc52565ecb52bb625fd430cb8d1...@etisbew.com>
X-Priority: 3
X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="------------03070800307080108050505"
X-Spam-Status: No, score=0.7
X-Spam-Score: 7
X-Spam-Bar: /
X-Spam-Flag: NO
X-Spam-Report: Spam detection software, running on the system
"ip.game-point.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: It is what a man needs to overcome the most delicate
problem.
Your power and strength of your porksword will please her! Make your body
as strong as your spirit is!Click It is what a man needs to overcome the
most delicate problem. Your power and strength of your porksword will
please
her! Make your body as strong as your spirit is! [...]
Content analysis details: (0.7 points, 3.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: bestinternetdancer.com]
1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: bestinternetdancer.com]
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[59.94.13.26 listed in list.dnswl.org]
0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[59.94.13.26 listed in dnsbl.sorbs.net]
0.6 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.2 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
[score: 0.6609]
0.0 HTML_MESSAGE BODY: HTML included in message
This is a multi-part message in MIME format.
--------------03070800307080108050505
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-2"
It is what a man needs to overcome the most delicate problem. Your power
and strength of your porksword will please her! Make your body as strong
as your spirit is!Click
--------------03070800307080108050505
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1250">
<STYLE></STYLE>
</HEAD>
<BODY>
<div style="width:600px;">
<div style="background: none repeat scroll 0 0 #FDF3F0; border-top: 3px
solid #E7431D; padding: 25px;">
<div style="font-size: 180%;">
<em>It is what a man needs to overcome the most delicate problem.
<br>Your power and strength of your porksword will please her! <br>Make
your body as strong as your spirit is!</em>
</div>
</div>
<div id="nav" style="background: none repeat scroll 0 0 #4D4D4F;
font-size: 90%; line-height: 40px;">
<a style="color: #FFFFFF; padding: 12px 25px;"
href="http://pijqasos.bestinternetdancer.com/page.html?Wsl7zrBeopsqjfqBjDy27csllzE";>Click</a>
</div>
</div>
</BODY></HTML>
--------------03070800307080108050505--
==================================================
Any ideas why the sender would be in the dnswl with medium trust? I did
recently change my machine's hostname to ip.game-point.net.
