Mailing List Archive

On Tue, Mar 16, 2004 at 02:43:49PM -0800, Justin Mason wrote:
> They're hitting 51% of spam ;)
>
> Duncan, could you check these mishits:

They're all actually ham.

> 42.672 62.4448 0.4056 0.994 0.95 0.01 T_HELO_DYNAMIC_HCC:daf

I'm not really sure. They're ham. I think it has to do with the way my
ISP names it's mail servers.

I'll include the full Received headers for a ham that it hits and one
it doesn't (I suspect it might have to do with guessing trusted
hosts).

Hit:

Received: from localhost ([127.0.0.1])
by gold.daf.ddts.net with esmtp (Exim 4.22)
id 1A4l8b-0000Ek-Hy
for duncf-rogers@localhost; Wed, 01 Oct 2003 13:51:45 -0400
Received: from pop.bloor.is.net.cable.rogers.com [66.185.95.101]
by localhost with POP3 (fetchmail-6.2.4)
for duncf-rogers@localhost (single-drop); Wed, 01 Oct 2003 13:51:45 -0400 (EDT)
Received: from spf13.us4.outblaze.com ([205.158.62.67])
by fep02-mail.bloor.is.net.cable.rogers.com
(InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP
id <20031001172928.GQKJ55942.fep02-mail.bloor.is.net.cable.rogers.com@spf13.us4.outblaze.com>
for <duncf@rogers.com>; Wed, 1 Oct 2003 13:29:28 -0400
Received: from 205-158-62-68.outblaze.com (205-158-62-68.outblaze.com [205.158.62.68])
by spf13.us4.outblaze.com (Postfix) with QMQP id 804251801C3A
for <duncf@rogers.com>; Wed, 1 Oct 2003 17:30:04 +0000 (GMT)
Received: (qmail 52023 invoked from network); 1 Oct 2003 17:29:52 -0000
Received: from unknown (HELO ws1-7.us4.outblaze.com) (205.158.62.57)
by 205-158-62-153.outblaze.com with SMTP; 1 Oct 2003 17:29:52 -0000
Received: (qmail 61235 invoked by uid 1001); 1 Oct 2003 17:29:48 -0000
Message-ID: <20031001172948.61234.qmail@mail.com>

No hit:
Received: from localhost ([127.0.0.1])
by gold.daf.ddts.net with esmtp (Exim 4.22)
id 19zPhx-0000Yg-Ew
for duncf-rogers@localhost; Tue, 16 Sep 2003 19:58:09 -0400
Received: from pop.bloor.is.net.cable.rogers.com [66.185.95.101]
by localhost with POP3 (fetchmail-6.2.4)
for duncf-rogers@localhost (single-drop); Tue, 16 Sep 2003 19:58:09 -0400 (EDT)
Received: from hotmail.com ([64.4.47.14])
by fep03-mail.bloor.is.net.cable.rogers.com
(InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP
id <20030916235434.VUPJ322285.fep03-mail.bloor.is.net.cable.rogers.com@hotmail.com>
for <duncf@rogers.com>; Tue, 16 Sep 2003 19:54:34 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Tue, 16 Sep 2003 16:54:34 -0700
Received: from 130.15.202.194 by by9fd.bay9.hotmail.msn.com with HTTP;
Tue, 16 Sep 2003 23:54:26 GMT


> Same again, and Rod:

> 3.568 5.2352 0.0047 0.999 0.89 0.01 T_HELO_DYNAMIC_IPADDR2:daf

Only one hit.

Received: from localhost ([127.0.0.1])
by gold.daf.ddts.net with esmtp (Exim 4.30)
id 1AgHwH-00037u-Mw
for duncf-queens@localhost; Tue, 13 Jan 2004 01:22:09 -0500
Received: from qlink.queensu.ca [130.15.126.18]
by localhost with POP3 (fetchmail-6.2.4)
for duncf-queens@localhost (single-drop); Tue, 13 Jan 2004 01:22:09 -0500 (EST)
Received: from 130.15.xxx.xxx (DUxxx.Nxxx.ResNet.QueensU.CA [130.15.xxx.xxx])
by qlink.queensu.ca (8.12.10/8.12.10) with ESMTP id i0D6L7SP010951;
Tue, 13 Jan 2004 01:21:08 -0500 (EST)

X-Mailer: The Bat! (v2.00.6) Business


> and I think these may be hitting the same mails.
>
> 0.779 1.1406 0.0047 0.996 0.88 0.01 T_HELO_DYNAMIC_SPLIT_IP:daf

Same as above.

--
Duncan Findlay

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My hits are either

1) From the Mass Turnpike Authority:

Received: (qmail 4770 invoked by uid 526); 19 Feb 2004 22:04:17 -0000
Received: from bounce-traffic-17465@etraveler.masspike.com by
blazing.arsecandle
.org by uid 500 with qmail-scanner-1.20
(clamuko: 0.65. f-prot: 4.2.0/3.13.4. Clear:RC:1(127.0.0.1):.
Processed in 0.26441 secs); 19 Feb 2004 22:04:17 -0000
Delivered-To: rod-fastlane@arsecandle.org
Received: (qmail 4757 invoked by uid 526); 19 Feb 2004 22:04:15 -0000
Received: from bounce-traffic-17465@etraveler.masspike.com by
blazing.arsecandle
.org by uid 502 with qmail-scanner-1.20
(clamuko: 0.65. f-prot: 4.2.0/3.13.4. Clear:RC:0(207.190.209.207):.
Processed in 0.262346 secs); 19 Feb 2004 22:04:15 -0000
Received: from unknown (HELO 10.68.50.10) (207.190.209.207)
by blazing.arsecandle.org with SMTP; 19 Feb 2004 22:04:14 -0000
Received-SPF: none (blazing.arsecandle.org: SPF record at
etraveler.masspike.com
does not designate permitted sender hosts)
From: traffic@etraveler.masspike.com
Message-Id: <200402192148.QAA13297@web20.hostfarm.net>
Content-Transfer-Encoding: binary
Content-Type: multipart/alternative; boundary="_----------=_10772283515240"
MIME-Version: 1.0
X-Mailer: MIME::Lite 2.117 (F2.6; B2.12; Q2.03)
Date: Thu, 19 Feb 2004 22:05:51 UT
To: Begbie <rod-fastlane@arsecandle.org>


or

2) From my wife using the Horde IMP webmail on the mail server.

Received: (qmail 26263 invoked by uid 48); 8 Mar 2004 21:16:34 -0000
Received: from 66.228.88.195 ([66.228.88.195]) by blazing.arsecandle.org
(Horde) with HTTP for <joy@blazing.arsecandle.org>; Mon, 8 Mar 2004
16:16:34 -0500
Message-ID: <20040308161634.psesgkkk44gg0gck@blazing.arsecandle.org>
Date: Mon, 8 Mar 2004 16:16:34 -0500
From: Joy Begbie <joy@laughatlantis.com>
To: Rod Begbie <rod@arsecandle.org>
Subject: Re: [Fwd: Mortgage Pre-approval]
References: <404CD565.1030907@arsecandle.org>
In-Reply-To: <404CD565.1030907@arsecandle.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs

Rod.

- --
:: Rod Begbie :: http://www.groovymother.com/ ::
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)

iD8DBQFAV51eN/YdXIyAw18RArD8AKD6+eDnIiRhzGGzWjquz+JYav2HwwCgo8Lx
BdiAYMz2DjAY5UxCw4eOMkI=
=nxQA
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Thanks guys -- those FPS seem to be fixed now...

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFAV8RAQTcbUG5Y7woRAhaaAJ4qGm1/sgRBS5rieK62dEL/iaLeJwCgztUI
SJ8R5xfS0d0OIAL0Qs5TFAU=
=FhEP
-----END PGP SIGNATURE-----