Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
All spam?
neilr at syntaxica
Mar 15, 2004, 7:36 AM
Post #1 of 9 (964 views)
Permalink
As of this morning almost all mail that is going through our mail server is
being marked as spam.
Even mails with a seemingly normal header/content are marked spam.

e.g.
====
Return-Path: <owner-list@dclug.org.uk>
Received: from syntaxica.ensim.dedicated-servers.co.uk (root@localhost)
by syntaxica.co.uk (8.11.6/8.11.6) with ESMTP id i2FCuv618701
for <neilr@syntaxica.co.uk>; Mon, 15 Mar 2004 12:56:57 GMT
X-ClientAddr: 212.67.197.71
Received: from pi.a-squared.co.uk (pi.a-squared.co.uk [212.67.197.71])
by syntaxica.ensim.dedicated-servers.co.uk (8.11.6/8.11.6) with ESMTP id
i2FCtob18663
for <neilr@syntaxica.co.uk>; Mon, 15 Mar 2004 12:55:50 GMT
Received: from majordom by pi.a-squared.co.uk with local (Exim 4.30)
id 1B2rcP-0005FO-Ro
for list-out@dclug.org.uk; Mon, 15 Mar 2004 12:54:57 +0000
Received: from mx5.ifl.net ([194.154.16.100])
by pi.a-squared.co.uk with esmtp (Exim 4.30)
id 1B2rcP-0005FJ-MD
for list@dclug.org.uk; Mon, 15 Mar 2004 12:54:57 +0000
Received: from mx0.swgfl.ifl.net (mx.swgfl.ifl.net [62.171.194.109])
by mx5.ifl.net (8.12.10/8.12.10) with ESMTP id i2FCsvn5002367
for <list@dclug.org.uk>; Mon, 15 Mar 2004 12:54:57 GMT
Received: from basil.callington-comm.cornwall.sch.uk
(curric-station-102.callington-comm.cornwall.sch.uk [10.0.12.117])
by mx0.swgfl.ifl.net (8.12.10/8.12.5) with ESMTP id i2FCsops011032
for <list@dclug.org.uk>; Mon, 15 Mar 2004 12:54:55 GMT
Received: from jwonlaptop (unknown [10.0.14.176])
by basil.callington-comm.cornwall.sch.uk (Postfix) with ESMTP id 2DAA42765
for <list@dclug.org.uk>; Mon, 15 Mar 2004 12:56:22 +0000 (GMT)
From: "James Wonnacott" <jwon@callington-comm.cornwall.sch.uk>
To: <list@dclug.org.uk>
Subject: {Spam?} RE: [LUG] LUG BBQ?
Date: Mon, 15 Mar 2004 12:52:54 -0000
Organization: Callington Community College
Message-ID: <000001c40a8c$6ee81820$b00e000a@callingtoncomm.cornwall.sch.uk>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
In-Reply-To: <22997094-765F-11D8-BA8C-000A9580D75E@littlebigfoot.org.uk>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-IFL-MailScanner-Information: Please contact the IFL support for more
information
X-IFL-MailScanner: Found to be clean
X-MailScanner-From: jwon@callington-comm.cornwall.sch.uk
Sender: owner-list@dclug.org.uk
Precedence: bulk
Reply-To: list@dclug.org.uk
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=-12.3,
required 5, BAYES_01, IN_REP_TO, QUOTED_EMAIL_TEXT, SUBJ_ALL_CAPS)
Status:
================================

So why with a score of -12.3 is this marked as spam? Any help appreciated.

Neil.
Re: All spam? [ In reply to ]
martinh at solid-state-logic
Mar 15, 2004, 7:46 AM
Post #2 of 9 (958 views)
Permalink
Neil

the infinite monkeys RBL is dead, in fact has been useless for a while.

Take it out of your config..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Neil Russell wrote:
> As of this morning almost all mail that is going through our mail server is
> being marked as spam.
> Even mails with a seemingly normal header/content are marked spam.
>
> e.g.
> ====
> Return-Path: <owner-list@dclug.org.uk>
> Received: from syntaxica.ensim.dedicated-servers.co.uk (root@localhost)
> by syntaxica.co.uk (8.11.6/8.11.6) with ESMTP id i2FCuv618701
> for <neilr@syntaxica.co.uk>; Mon, 15 Mar 2004 12:56:57 GMT
> X-ClientAddr: 212.67.197.71
> Received: from pi.a-squared.co.uk (pi.a-squared.co.uk [212.67.197.71])
> by syntaxica.ensim.dedicated-servers.co.uk (8.11.6/8.11.6) with ESMTP id
> i2FCtob18663
> for <neilr@syntaxica.co.uk>; Mon, 15 Mar 2004 12:55:50 GMT
> Received: from majordom by pi.a-squared.co.uk with local (Exim 4.30)
> id 1B2rcP-0005FO-Ro
> for list-out@dclug.org.uk; Mon, 15 Mar 2004 12:54:57 +0000
> Received: from mx5.ifl.net ([194.154.16.100])
> by pi.a-squared.co.uk with esmtp (Exim 4.30)
> id 1B2rcP-0005FJ-MD
> for list@dclug.org.uk; Mon, 15 Mar 2004 12:54:57 +0000
> Received: from mx0.swgfl.ifl.net (mx.swgfl.ifl.net [62.171.194.109])
> by mx5.ifl.net (8.12.10/8.12.10) with ESMTP id i2FCsvn5002367
> for <list@dclug.org.uk>; Mon, 15 Mar 2004 12:54:57 GMT
> Received: from basil.callington-comm.cornwall.sch.uk
> (curric-station-102.callington-comm.cornwall.sch.uk [10.0.12.117])
> by mx0.swgfl.ifl.net (8.12.10/8.12.5) with ESMTP id i2FCsops011032
> for <list@dclug.org.uk>; Mon, 15 Mar 2004 12:54:55 GMT
> Received: from jwonlaptop (unknown [10.0.14.176])
> by basil.callington-comm.cornwall.sch.uk (Postfix) with ESMTP id 2DAA42765
> for <list@dclug.org.uk>; Mon, 15 Mar 2004 12:56:22 +0000 (GMT)
> From: "James Wonnacott" <jwon@callington-comm.cornwall.sch.uk>
> To: <list@dclug.org.uk>
> Subject: {Spam?} RE: [LUG] LUG BBQ?
> Date: Mon, 15 Mar 2004 12:52:54 -0000
> Organization: Callington Community College
> Message-ID: <000001c40a8c$6ee81820$b00e000a@callingtoncomm.cornwall.sch.uk>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook, Build 10.0.2616
> In-Reply-To: <22997094-765F-11D8-BA8C-000A9580D75E@littlebigfoot.org.uk>
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> X-IFL-MailScanner-Information: Please contact the IFL support for more
> information
> X-IFL-MailScanner: Found to be clean
> X-MailScanner-From: jwon@callington-comm.cornwall.sch.uk
> Sender: owner-list@dclug.org.uk
> Precedence: bulk
> Reply-To: list@dclug.org.uk
> X-MailScanner-Information: Please contact the ISP for more information
> X-MailScanner: Found to be clean
> X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=-12.3,
> required 5, BAYES_01, IN_REP_TO, QUOTED_EMAIL_TEXT, SUBJ_ALL_CAPS)
> Status:
> ================================
>
> So why with a score of -12.3 is this marked as spam? Any help appreciated.
>
> Neil.
>
>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************
Re: All spam? [ In reply to ]
gcirino at cirelle
Mar 15, 2004, 7:50 AM
Post #3 of 9 (960 views)
Permalink
monkeys is off-line for good (source from another list)

you should remove the check for monkeys and that
should fix the problem

Greg

----- Original Message -----
From: "Neil Russell" <neilr@syntaxica.co.uk>
To: <spamassassin-users@incubator.apache.org>
Sent: Monday, March 15, 2004 9:36 AM
Subject: All spam?


|
| As of this morning almost all mail that is going through our mail server is
| being marked as spam.
| Even mails with a seemingly normal header/content are marked spam.
|
| e.g.
| ====
| Return-Path: <owner-list@dclug.org.uk>
| Received: from syntaxica.ensim.dedicated-servers.co.uk (root@localhost)
| by syntaxica.co.uk (8.11.6/8.11.6) with ESMTP id i2FCuv618701
| for <neilr@syntaxica.co.uk>; Mon, 15 Mar 2004 12:56:57 GMT
| X-ClientAddr: 212.67.197.71
| Received: from pi.a-squared.co.uk (pi.a-squared.co.uk [212.67.197.71])
| by syntaxica.ensim.dedicated-servers.co.uk (8.11.6/8.11.6) with ESMTP id
| i2FCtob18663
| for <neilr@syntaxica.co.uk>; Mon, 15 Mar 2004 12:55:50 GMT
| Received: from majordom by pi.a-squared.co.uk with local (Exim 4.30)
| id 1B2rcP-0005FO-Ro
| for list-out@dclug.org.uk; Mon, 15 Mar 2004 12:54:57 +0000
| Received: from mx5.ifl.net ([194.154.16.100])
| by pi.a-squared.co.uk with esmtp (Exim 4.30)
| id 1B2rcP-0005FJ-MD
| for list@dclug.org.uk; Mon, 15 Mar 2004 12:54:57 +0000
| Received: from mx0.swgfl.ifl.net (mx.swgfl.ifl.net [62.171.194.109])
| by mx5.ifl.net (8.12.10/8.12.10) with ESMTP id i2FCsvn5002367
| for <list@dclug.org.uk>; Mon, 15 Mar 2004 12:54:57 GMT
| Received: from basil.callington-comm.cornwall.sch.uk
| (curric-station-102.callington-comm.cornwall.sch.uk [10.0.12.117])
| by mx0.swgfl.ifl.net (8.12.10/8.12.5) with ESMTP id i2FCsops011032
| for <list@dclug.org.uk>; Mon, 15 Mar 2004 12:54:55 GMT
| Received: from jwonlaptop (unknown [10.0.14.176])
| by basil.callington-comm.cornwall.sch.uk (Postfix) with ESMTP id 2DAA42765
| for <list@dclug.org.uk>; Mon, 15 Mar 2004 12:56:22 +0000 (GMT)
| From: "James Wonnacott" <jwon@callington-comm.cornwall.sch.uk>
| To: <list@dclug.org.uk>
| Subject: {Spam?} RE: [LUG] LUG BBQ?
| Date: Mon, 15 Mar 2004 12:52:54 -0000
| Organization: Callington Community College
| Message-ID: <000001c40a8c$6ee81820$b00e000a@callingtoncomm.cornwall.sch.uk>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="us-ascii"
| Content-Transfer-Encoding: 7bit
| X-Priority: 3 (Normal)
| X-MSMail-Priority: Normal
| X-Mailer: Microsoft Outlook, Build 10.0.2616
| In-Reply-To: <22997094-765F-11D8-BA8C-000A9580D75E@littlebigfoot.org.uk>
| Importance: Normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
| X-IFL-MailScanner-Information: Please contact the IFL support for more
| information
| X-IFL-MailScanner: Found to be clean
| X-MailScanner-From: jwon@callington-comm.cornwall.sch.uk
| Sender: owner-list@dclug.org.uk
| Precedence: bulk
| Reply-To: list@dclug.org.uk
| X-MailScanner-Information: Please contact the ISP for more information
| X-MailScanner: Found to be clean
| X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=-12.3,
| required 5, BAYES_01, IN_REP_TO, QUOTED_EMAIL_TEXT, SUBJ_ALL_CAPS)
| Status:
| ================================
|
| So why with a score of -12.3 is this marked as spam? Any help appreciated.
|
| Neil.
|
|
RE: All spam? [ In reply to ]
gary at primeexalia
Mar 15, 2004, 7:56 AM
Post #4 of 9 (959 views)
Permalink
It's troublesome to know that some of the blacklists people are using
are dying. There have been like 2 or 3 in the last 6 months. What are
the best RBL's in place right now?



-----Original Message-----
From: Greg Cirino - Cirelle Enterprises [mailto:gcirino@cirelle.com]
Sent: Monday, March 15, 2004 6:51 AM
To: Neil Russell; spamassassin-users@incubator.apache.org
Subject: Re: All spam?

monkeys is off-line for good (source from another list)

you should remove the check for monkeys and that
should fix the problem

Greg
Re: All spam? [ In reply to ]
mkettler at evi-inc
Mar 15, 2004, 8:00 AM
Post #5 of 9 (957 views)
Permalink
At 09:36 AM 3/15/2004, Neil Russell wrote:
>X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=-12.3,
> required 5, BAYES_01, IN_REP_TO, QUOTED_EMAIL_TEXT, SUBJ_ALL_CAPS)
>Status:

That's a MailScanner issue.. MailScanner is tagging it because one of the
IPs is listed in Infinite-Monkeys, and you've configured that as a
spam-list in MailScanner.

I'd suggest posting on the MailScanner list if you have further questions
about it.
Re: All spam? [ In reply to ]
gcirino at cirelle
Mar 15, 2004, 8:04 AM
Post #6 of 9 (954 views)
Permalink
----- Original Message -----
From: "Gary Smith" <gary@primeexalia.com>

>It's troublesome to know that some of the blacklists people are using
>are dying. There have been like 2 or 3 in the last 6 months. What are
>the best RBL's in place right now?

we use:

list.dsbl.org
sbl.spamhaus.org
cbl.abuseat.org
dul.dnsbl.sorbs.net
dnsbl.njabl.org
cn-kr.blackholes.us
multihop.dsbl.org
russia.blackholes.us
japan.blackholes.us
charter.blackholes.us
argentina.blackholes.us
nigeria.blackholes.us
brazil.blackholes.us

Greg
Re: All spam? [ In reply to ]
martinh at solid-state-logic
Mar 15, 2004, 8:19 AM
Post #7 of 9 (953 views)
Permalink
Already been discussed on the MS list, infact just like here, a lot of
people are wondering why they've all there email marked as spam.

Infinite-Monkeys was taken out of the default MS settings quite a while
ago as its been 'unmaintained' for a while now I believe.


--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Matt Kettler wrote:
> At 09:36 AM 3/15/2004, Neil Russell wrote:
>
>> X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin
>> (score=-12.3,
>> required 5, BAYES_01, IN_REP_TO, QUOTED_EMAIL_TEXT,
>> SUBJ_ALL_CAPS)
>> Status:
>
>
> That's a MailScanner issue.. MailScanner is tagging it because one of
> the IPs is listed in Infinite-Monkeys, and you've configured that as a
> spam-list in MailScanner.
>
> I'd suggest posting on the MailScanner list if you have further
> questions about it
>
>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************
RE: All spam? [ In reply to ]
apthorpe+sa at cynistar
Mar 15, 2004, 11:00 AM
Post #8 of 9 (952 views)
Permalink
Hi,

On Mon, 15 Mar 2004, Gary Smith wrote:

> It's troublesome to know that some of the blacklists people are using
> are dying. There have been like 2 or 3 in the last 6 months. What are
> the best RBL's in place right now?

I reject using the following:

sbl-xbl.spamhaus.org (combination of XBL & SBL, XBL contains CBL)
dnsbl.njabl.org
dnsbl.sorbs.net
rhsbl.sorbs.net
opm.blitzed.org
relays.ordb.org
bogusmx.rfc-ignorant.org
list.dsbl.org

My policy is to drop connections from known dynamic allocations. This
offends some people but I have a single lingering false positive (someone
sending a newsletter directly from their RR account rather than via RR's
mail servers.)

For a while I had

bogons.dnsiplists.completewhois.com
hijacked.dnsiplists.completewhois.com

but they weren't available enough to be useful (too many lookup failures.)

Additionally, I drop SMTP connections from systems that have
broken/missing rDNS and those that HELO with something other than a
matching resolvable hostname. These kill off almost as many spam attempts
as do the DNSBLs.

RFCI, Spamcop, etc. are used within SA; they're useful in scoring mail but
not accurate enough as a single rejection criterion.

-- Bob
Re: All spam? [ In reply to ]
kremels at kreme
Mar 15, 2004, 11:33 AM
Post #9 of 9 (956 views)
Permalink
On Mar 15, 2004, at 8:04 AM, Greg Cirino - Cirelle Enterprises wrote:

> ----- Original Message -----
> From: "Gary Smith" <gary@primeexalia.com>
>
>> It's troublesome to know that some of the blacklists people are using
>> are dying. There have been like 2 or 3 in the last 6 months. What
>> are
>> the best RBL's in place right now?
>
> we use:
>
> cbl.abuseat.org
> cn-kr.blackholes.us

Are the only two I use. Works very well. cn-kr is mostly redundant,
but it does catch a few that cbl misses.

cbl blocks: 89.93%
cn-kr blocks: 10.16%


--
...when you're no longer searching for beauty or love, just some kind
of life with the edges taken off. When you can't even define what it
is that you're frightened of; this song will be here.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal