Mailinglist Archive: opensuse (3513 mails)

< Previous Next >
[opensuse] I'm getting spam that has been cleared by www.dnswl.org
  • From: "Carlos E. R." <carlos.e.r@xxxxxxxxxxxx>
  • Date: Sun, 11 Jan 2009 02:52:12 +0100 (CET)
  • Message-id: <alpine.LSU.2.00.0901110231380.5838@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Hi,

It appears that spamassassin does a test against www.dnswl.org to whitelist addresses:

X-Spam-Status: No, score=3.2 required=5.0 tests=AWL,BAYES_99,RCVD_IN_DNSWL_HI,
RDNS_NONE,SUBJ_ALL_CAPS autolearn=disabled version=3.2.4


The problem is that, the RCVD_IN_DNSWL_HI gives the email a high negative score (not spam) to an email that is clearly spam.

score RCVD_IN_DNSWL_LOW 0 -1 0 -1
score RCVD_IN_DNSWL_MED 0 -4 0 -4
score RCVD_IN_DNSWL_HI 0 -8 0 -8


I have no idea how to know which of the received headers spamassassin thinks it is good. And if I learn who it is, I do not know either how to tell the folk of that white list they should blacklist it.

These are the headers:

Return-Path: <deacon.davd@xxxxxxxxxxx>
...

Received: from nuevavision.com.pe (linuxnv.nuevavision.com.pe [200.60.36.128])
by mx1.suse.de (Postfix) with ESMTP id 1FCE3455AF
for <carlos.e.r@xxxxxxxxxxxx>; Sun, 11 Jan 2009 01:30:52 +0100 (CET)
Received: by nuevavision.com.pe (Postfix, from userid 33)
id 6A409110BF6; Sat, 10 Jan 2009 19:24:15 -0500 (PET)
To: undisclosed-recipients: ;
Subject: IN GOD WE TRUST
X-PHP-Script: mail.nuevavision.com.pe/webmail/index.php for 82.128.35.170, 82.128.35.170
MIME-Version: 1.0
Date: Sat, 10 Jan 2009 19:24:15 -0500
From: Deacon David <Deacon.Davd@xxxxxxxxxxx>
Organization: Deacons Organization
Reply-To: deacon.david@xxxxxxxxxxx
Message-ID: <ffa929d6d054c8f42d04580b99d4d816@xxxxxxxxxxxxxxxxxx>
X-Sender: Deacon.Davd@xxxxxxxxxxx
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
X-unconfigured-debian-site-MailScanner: Found to be clean
X-unconfigured-debian-site-MailScanner-SpamScore: s
X-unconfigured-debian-site-MailScanner-From: deacon.davd@xxxxxxxxxxx



And the tests are negative:

cer@nimrodel:~> host linuxnv.nuevavision.com.pe
linuxnv.nuevavision.com.pe has address 200.60.36.128
cer@nimrodel:~> host 128.36.60.200.list.dnswl.org
Host 128.36.60.200.list.dnswl.org not found: 3(NXDOMAIN)

cer@nimrodel:~> host Deacons.com
Deacons.com has address 216.180.38.185
Deacons.com mail is handled by 5 mx2.fanmail.com.
cer@nimrodel:~> host 185.38.180.216.list.dnswl.org
Host 185.38.180.216.list.dnswl.org not found: 3(NXDOMAIN)

cer@nimrodel:~> host 170.35.128.82.list.dnswl.org
Host 170.35.128.82.list.dnswl.org not found: 3(NXDOMAIN)


This would be a possitive result:

cer@nimrodel:~> host 2.0.0.127.list.dnswl.org
2.0.0.127.list.dnswl.org has address 127.0.10.0




These people suggest the following scores for spamassassin:

score RCVD_IN_DNSWL_LOW -1
score RCVD_IN_DNSWL_MED -10
score RCVD_IN_DNSWL_HI -100

We have a lower score in opensuse 11.0:

score RCVD_IN_DNSWL_LOW 0 -1 0 -1
score RCVD_IN_DNSWL_MED 0 -4 0 -4
score RCVD_IN_DNSWL_HI 0 -8 0 -8


But I think I'm going to lower it even more, to -0.1, -0.2 and -0.4.


:-/



- -- Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAklpUNMACgkQtTMYHG2NR9VaegCfcGAGU5t2r14ZGiN4hFJUNGNQ
MfUAoJFwvysHYfN2cHJ51dOAHH0dMcPV
=Xuku
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >