On Tue, 19 Aug 2014, Greg Ledford wrote:
> What exactly are SA headers supposed to look like?
SA headers look like this:
X-Spam-Flag: NO
X-Spam-Score: 0.138
X-Spam-Level:
X-Spam-Status: No, score=0.138 tagged_above=-100 required=5
	tests=[MISSING_MID=0.14, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
	autolearn=no autolearn_force=no
> I’m still getting quite a bit of spam coming through. It’s blocking
> quite a bit but I’m not so sure SA is even doing its job.
Messages are apparently being scanned, though they don't appear to be
hitting much in the way of rules...
> Is there maybe a way to just block everything from anything .us?
That would probably be easier to do in your MTA before the message is
even passed to SA.
> Stuff like this is being missed (what’s really amusing is this list
> blocked my original response because IT sure seems to know what spam
> is!) :
If that's a spam, then please post the entire message, with all headers
intact in their raw form, to pastebin and post the URL here. That will let
us take a look at what rules are hit in our environment and suggest
possible fixes.
Note: if the headers look like this:
From: Fast-Funds684
<[email protected]<mailto:[email protected]>>
i.e., with <mailto:...> injected, they probably are not "raw". I don't
know of the best way to get a raw RFC-822-format message out of Exchange,
but I assume there is a way.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
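
An added example, not part of the original message: a small Python check that unfolds the X-Spam-Status header in the format quoted above, lists which rules hit and at what score, and flags a copy whose headers carry the "<mailto:...>" artifact and so are probably not raw. The sample message is constructed, with a placeholder address, and the function names are illustrative.

```python
import email
import re
from email import policy

# Constructed sample: the header block quoted in the message above, plus a
# From line with a placeholder address carrying the "<mailto:...>" artifact.
SAMPLE = (
    "From: Fast-Funds684 <sender@example.invalid<mailto:sender@example.invalid>>\n"
    "X-Spam-Flag: NO\n"
    "X-Spam-Score: 0.138\n"
    "X-Spam-Status: No, score=0.138 tagged_above=-100 required=5\n"
    "\ttests=[MISSING_MID=0.14, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]\n"
    "\tautolearn=no autolearn_force=no\n"
    "\n"
    "body\n"
)

def parse_spam_status(raw_message):
    """Return verdict, score, threshold and per-rule scores, or None if absent."""
    msg = email.message_from_string(raw_message, policy=policy.compat32)
    status = msg.get("X-Spam-Status")
    if status is None:
        return None  # message was never scanned, or the header was stripped
    status = " ".join(status.split())  # unfold the continuation lines
    score = re.search(r"\bscore=(-?[\d.]+)", status)
    required = re.search(r"\brequired=(-?[\d.]+)", status)
    tests = re.search(r"\btests=\[([^\]]*)\]", status)
    rules = {}
    for item in (tests.group(1).split(",") if tests else []):
        name, _, value = item.strip().partition("=")
        if name:
            rules[name] = float(value) if value else None
    return {
        "is_spam": status.lower().startswith("yes"),
        "score": float(score.group(1)) if score else None,
        "required": float(required.group(1)) if required else None,
        "rules": rules,
    }

def looks_non_raw(raw_message):
    """True if any header carries the '<mailto:' artifact of a rewritten copy."""
    header_block = raw_message.split("\n\n", 1)[0]
    return "<mailto:" in header_block
```

A result of None means the message reached the mailbox without an SA verdict at all; a short rule list with a low score means it was scanned but matched little.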