spamassassin-users mailing list archives

From Kevin Miller <kevin.mil...@juneau.org>
Subject Bogus day old domains from RRPPROXY.NET
Date Thu, 19 Feb 2015 19:50:17 GMT
Lately we've been getting slammed by spam.  The bulk of it (no pun intended) is coming from
new domains (many just a day or two old) which originate from key-systems gmbh, and all use
RRPPROXY.NET as their name servers, such as this snippet from whois:

   Domain Name: WATTSMINDANDBODYLAB.COM
   Registrar: KEY-SYSTEMS GMBH
   Sponsoring Registrar IANA ID: 269
   Whois Server: whois.rrpproxy.net
   Referral URL: http://www.key-systems.net
   Name Server: NS1.RRPPROXY.NET
   Name Server: NS2.RRPPROXY.NET
   Name Server: NS3.RRPPROXY.NET
   Status: ok http://www.icann.org/epp#OK
   Updated Date: 19-feb-2015
   Creation Date: 19-feb-2015
   Expiration Date: 19-feb-2016

The Day Old Bread rules don't seem to catch them.  

The message is posted in pastebin:  http://pastebin.com/9FhgEiwa

My scores for this are:
SpamAssassin Score: 4.71
Spam Report:
Score   Matching Rule       Description
        cached
        score=4.711
5       required
-0.00   BAYES_20            Bayesian spam probability is 5 to 20%
2.50    CBJ_Dementia        Mail with dementia
1.50    CBJ_Sicko           Disease related spam
0.00    HTML_MESSAGE        HTML included in message
0.72    MIME_HTML_ONLY      Message only has text/html MIME parts
-0.00   SPF_HELO_PASS       SPF: HELO matches SPF record
-0.00   SPF_PASS            SPF: sender matches SPF record
-0.01   T_RP_MATCHES_RCVD

Is there a way to reject or up the score on anything that is served up by that name server
or registrar?  I was thinking maybe putting the rrpproxy.net nameserver in my dns as 127.0.0.1,
on the theory that if it doesn't resolve the message will be rejected at the MTA level.  It
would be nice to have a bit more control over it, just in case, however.  Any pearls of wisdom?

Thanks...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 
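
Added example, not part of the original message and not SpamAssassin code: a Python sketch of the check the question asks about, parsing whois fields like those quoted above and returning an extra score when the domain is only days old and/or delegated to a watched name server. The suffix list, age threshold, score values and function names are hypothetical, and the whois text is a constructed sample based on the snippet in the message.

```python
import re
from datetime import date

# Constructed sample: a subset of the whois fields quoted in the message.
SAMPLE_WHOIS = """\
   Domain Name: WATTSMINDANDBODYLAB.COM
   Name Server: NS1.RRPPROXY.NET
   Name Server: NS2.RRPPROXY.NET
   Creation Date: 19-feb-2015
"""

# Hypothetical local policy values; tune them against your own mail flow.
WATCHED_NS_SUFFIXES = ("rrpproxy.net",)
MAX_AGE_DAYS = 2
SCORE_YOUNG, SCORE_WATCHED_NS, SCORE_BOTH = 1.5, 1.0, 3.0
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return fields

def creation_date(fields):
    """Parse 'dd-mon-yyyy' without relying on the locale; None if absent or odd."""
    raw = fields.get("creation date", [""])[0].lower()
    m = re.fullmatch(r"(\d{1,2})-([a-z]{3})-(\d{4})", raw)
    if not m or m.group(2) not in MONTHS:
        return None
    return date(int(m.group(3)), MONTHS.index(m.group(2)) + 1, int(m.group(1)))

def uses_watched_ns(fields):
    """True if any name server equals, or is a subdomain of, a watched suffix."""
    hosts = [ns.lower().rstrip(".") for ns in fields.get("name server", [])]
    return any(h == s or h.endswith("." + s) for h in hosts for s in WATCHED_NS_SUFFIXES)

def extra_score(whois_text, seen_on):
    """Score to add for a domain, given its whois text and the mail's arrival date."""
    fields = parse_whois(whois_text)
    created = creation_date(fields)
    young = created is not None and 0 <= (seen_on - created).days <= MAX_AGE_DAYS
    watched = uses_watched_ns(fields)
    return SCORE_BOTH if young and watched else SCORE_YOUNG * young + SCORE_WATCHED_NS * watched
```

A missing or unparseable creation date is treated as "not young" rather than guessed, so only the name server signal can fire in that case.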


