[opensuse] I'm getting spam that has been cleared by www.dnswl.org
Hi,
It appears that spamassassin does a test against www.dnswl.org to
whitelist addresses:
X-Spam-Status: No, score=3.2 required=5.0 tests=AWL,BAYES_99,RCVD_IN_DNSWL_HI,
RDNS_NONE,SUBJ_ALL_CAPS autolearn=disabled version=3.2.4
The problem is that RCVD_IN_DNSWL_HI gives a high negative
score (not spam) to an email that is clearly spam.
score RCVD_IN_DNSWL_LOW 0 -1 0 -1
score RCVD_IN_DNSWL_MED 0 -4 0 -4
score RCVD_IN_DNSWL_HI 0 -8 0 -8
I have no idea how to know which of the received headers spamassassin
thinks is good. And if I learn who it is, I do not know either how to
tell the folk of that white list they should blacklist it.
These are the headers:
Return-Path:
Carlos E. R. wrote:
> Hi,
> It appears that spamassassin does a test against www.dnswl.org to whitelist addresses:
> X-Spam-Status: No, score=3.2 required=5.0 tests=AWL,BAYES_99,RCVD_IN_DNSWL_HI, RDNS_NONE,SUBJ_ALL_CAPS autolearn=disabled version=3.2.4
> The problem is that RCVD_IN_DNSWL_HI gives a high negative score (not spam) to an email that is clearly spam.
Yes, that is the purpose of DNSWL. If you're absolutely positive that what you is spam, I would talk to the guys at dnswl.org.
> I have no idea how to know which of the received headers spamassassin thinks is good. And if I learn who it is, I do not know either how to tell the folk of that white list they should blacklist it.
Is it possible that that email was relayed via the suse mailserver, and that those are whitelisted by dnswl.org?
/Per
--
/Per Jessen, Zürich
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Monday, 2009-01-12 at 09:35 +0100, Per Jessen wrote:
> Carlos E. R. wrote:
>> Hi,
>> It appears that spamassassin does a test against www.dnswl.org to whitelist addresses:
>> X-Spam-Status: No, score=3.2 required=5.0 tests=AWL,BAYES_99,RCVD_IN_DNSWL_HI, RDNS_NONE,SUBJ_ALL_CAPS autolearn=disabled version=3.2.4
>> The problem is that RCVD_IN_DNSWL_HI gives a high negative score (not spam) to an email that is clearly spam.
> Yes, that is the purpose of DNSWL. If you're absolutely positive that what you is spam, I would talk to the guys at dnswl.org.
I didn't see a reporting box. :-?
>> I have no idea how to know which of the received headers spamassassin thinks is good. And if I learn who it is, I do not know either how to tell the folk of that white list they should blacklist it.
> Is it possible that that email was relayed via the suse mailserver, and that those are whitelisted by dnswl.org?
Yes, I think that is the case, for the one tagged "HI"; it was sent to my opensuse.org alias. I got two others tagged MED and LO. The problem is that Spamassassin doesn't explain which "received" header it is marking as "whitelisted". What I have done is I lowered the score tenfold, I don't think we can trust that score that much as to give it "-8" points. If it gives high scores to any opensuse.org address, when it works as a remailer, it doesn't make sense.
--
Cheers,
Carlos E. R.
Carlos E. R. wrote:
>> Yes, that is the purpose of DNSWL. If you're absolutely positive that what you is spam, I would talk to the guys at dnswl.org.
> I didn't see a reporting box. :-?
Maybe here: http://www.dnswl.org/request
--
/Per Jessen, Zürich
Carlos E. R. wrote:
>>> I have no idea how to know which of the received headers spamassassin thinks is good. And if I learn who it is, I do not know either how to tell the folk of that white list they should blacklist it.
>> Is it possible that that email was relayed via the suse mailserver, and that those are whitelisted by dnswl.org?
> Yes, I think that is the case, for the one tagged "HI"; it was sent to my opensuse.org alias. I got two others tagged MED and LO.
mx1.suse.de = 195.135.220.2 is listed as HI at dnswl.org.
> What I have done is I lowered the score tenfold, I don't think we can trust that score that much as to give it "-8" points. If it gives high scores to any opensuse.org address, when it works as a remailer, it doesn't make sense.
The right thing would be to have the opensuse.org mail handled by a separate server, IMHO.
--
/Per Jessen, Zürich
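Added example (not part of any message in this thread, and not SpamAssassin's own code): a Python script that lists every relay IP found in a message's Received headers, builds the list.dnswl.org query name for each one, and maps the last octet of the answer to the RCVD_IN_DNSWL_* rule, which shows which hop earned the whitelist score. The sample headers, every hostname other than mx1.suse.de, and the offline answer table are constructed; SpamAssassin itself tests only the relay selected by its trusted_networks/internal_networks settings, whereas this reports all hops.

```python
import email
import re
import socket

DNSWL_ZONE = "list.dnswl.org"
# DNSWL answers are 127.0.<category>.<trust>; the trust octet selects the rule.
TRUST_RULE = {1: "RCVD_IN_DNSWL_LOW", 2: "RCVD_IN_DNSWL_MED", 3: "RCVD_IN_DNSWL_HI"}
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Bracketed IPv4 addresses from the Received headers, newest hop first."""
    received = email.message_from_string(raw_message).get_all("Received", [])
    found = [ip for header in received for ip in BRACKETED_IPV4.findall(header)]
    return [ip for ip in found if all(int(o) <= 255 for o in ip.split("."))]

def dnswl_query_name(ip):
    """Reverse the octets and append the zone, as DNS-based lists expect."""
    return ".".join(reversed(ip.split("."))) + "." + DNSWL_ZONE

def rule_for_answer(answer):
    """Rule name for an A-record answer, or None if unlisted or malformed."""
    octets = (answer or "").split(".")
    if len(octets) != 4 or octets[:2] != ["127", "0"] or not octets[3].isdigit():
        return None
    return TRUST_RULE.get(int(octets[3]))

def live_lookup(qname):  # real DNS query; None when the IP is not listed
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None

def explain(raw_message, lookup=live_lookup):
    """One (ip, query name, rule) tuple per relay in the Received chain."""
    names = [(ip, dnswl_query_name(ip)) for ip in relay_ips(raw_message)]
    return [(ip, q, rule_for_answer(lookup(q))) for ip, q in names]

# Constructed sample: only 195.135.220.2 (mx1.suse.de) is taken from the thread.
SAMPLE = (
    "Received: from mx1.suse.de (mx1.suse.de [195.135.220.2])\n"
    "\tby mail.example.net with ESMTP; Mon, 12 Jan 2009 09:00:00 +0100\n"
    "Received: from webmail.example.org (unknown [192.0.2.55])\n"
    "\tby mx1.suse.de with ESMTP; Mon, 12 Jan 2009 08:59:58 +0100\n"
)
# Constructed answer standing in for DNS offline; the category octet is arbitrary.
OFFLINE = {"2.220.135.195.list.dnswl.org": "127.0.5.3"}

if __name__ == "__main__":
    print(explain(SAMPLE, OFFLINE.get))
```

Calling explain() on a saved message without the second argument performs the real DNS queries through live_lookup.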
Carlos E. R. wrote:
> X-PHP-Script: mail.nuevavision.com.pe/webmail/index.php for 82.128.35.170, 82.128.35.170
There you have the guilty, a PHP webmail script.. contact server admin of mail.nuevavision.com.pe and tell them that mail.nuevavision.com.pe/webmail/index.php is being used for spamming.. either a spammer got access to an account in the server, or the script misuses php's mail() function (not uncommon, it is hard to use it correctly)
--
"We have art in order not to die of the truth" - Friedrich Nietzsche
Cristian Rodríguez R.
Software Developer
Platform/OpenSUSE - Core Services
SUSE LINUX Products GmbH
Research & Development
http://www.opensuse.org/
> Carlos E. R. wrote:
>> X-PHP-Script: mail.nuevavision.com.pe/webmail/index.php for 82.128.35.170, 82.128.35.170
> There you have the guilty, a PHP webmail script.. contact server admin of mail.nuevavision.com.pe and tell them that mail.nuevavision.com.pe/webmail/index.php is being used for spamming.. either a spammer got access to an account in the server, or the script misuses php's mail() function (not uncommon, it is hard to use it correctly)
Humm! :-} I don't think I can contact the hundreds of sysadmins responsible for the hundreds of spams I receive a day. What I can do is adjust my spamassassin configuration so that it detects most spam - and it appears that I can not trust www.dnswl.org so as to give a -8 score just because the mail passed by a certain server: ie, my solution is to decrease that score ten times. The mx1.suse.de is good, but that doesn't mean that any email that passes through there is safe. Per is probably right, separating the remailer to another server could be a good thing.
--
Cheers,
Carlos E. R.