spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex <mysqlstud...@gmail.com>
Subject Re: Help with tagging hotmail spam
Date Tue, 04 Oct 2011 04:50:36 GMT
Hi,

>> I have a fedora15 box with v3.3.2 and I have some hotmail spam that I
>> can't figure out how to catch:
>>
>> http://pastebin.com/kkUUvYQp
>>
>> It's hitting BAYES_00 and no blacklists or other significant spam
>> rules and not sure how to tag it. The user has reported receiving this
>> spam several times before, each with a different URL in the body but
>> otherwise the same.
>>
>> It's still not listed in a URIBL.
>>
> X-Originating-IP hits Spamhaus XBL list. I would deep parse headers against
> SBL-XBL. This does have the potential for FPs on legitimate mail sent from
> infected computers also spewing botnet spam so take that into account in
> your scoring.

Okay, I see that it is (now) listed in the XBL, but I have zen being
checked at the smtp level with postfix and it didn't catch it. I guess
it's possible I received it before it was listed, but I also have zen
in SA, and although it appears to hit on zen, it isn't reflected in
the score.

This makes me think there's a different problem I'm having. This means
it hit zen, correct?

Oct  4 00:30:21.417 [12281] dbg: dns: hit
<dns:5.15.102.50.zen.spamhaus.org> 127.0.0.4

I've uploaded a new pastebin with full debugging, and hoped someone
could help me to investigate.

I've got the score to increase a bit by training it in bayes, but I'm
not even sure that's the right thing to do. How do this affect
legitimate mail received from hotmail?

Shouldn't mail from hotmail have a DKIM header, or maybe even SPF?

I also just realized dcc isn't configured on this box. Would that have
made a difference here?

# Full debugging
http://pastebin.com/raw.php?i=TGgRmJeW

# Original
http://pastebin.com/kkUUvYQp

Thanks again,
Alex

Mime
View raw message