spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Motty Cruz <motty.c...@gmail.com>
Subject Re: low score on very spammy email
Date Tue, 10 Apr 2018 22:28:27 GMT
Thank you very much for your suggestions David. MTA is configured to use 
RBLs,

reject_rbl_client b.barracudacentral.org

worked really well for me at one point. Also,

      reject_rbl_client zen.spamhaus.org,
      reject_rbl_client cbl.abuseat.org,
      reject_rbl_client bl.spamcop.net,
      reject_rbl_client multi.uribl.com,
      reject_rbl_client rabl.nuclearelephant.com,


On 04/10/2018 03:14 PM, David Jones wrote:
> On 04/10/2018 05:04 PM, Leandro wrote:
>> 2018-04-10 18:52 GMT-03:00 David Jones <djones@ena.com 
>> <mailto:djones@ena.com>>:
>>
>>     On 04/10/2018 04:47 PM, Leandro wrote:
>>
>>         2018-04-10 17:49 GMT-03:00 Motty Cruz <motty.cruz@gmail.com
>>         <mailto:motty.cruz@gmail.com> <mailto:motty.cruz@gmail.com
>>         <mailto:motty.cruz@gmail.com>>>:
>>
>>              I apologize here is the email headers and body
>>
>>         https://pastebin.com/bgXrfKaQ
>>
>>
>>
>>         You should not take this domain mrface.com <http://mrface.com>
>>         <http://mrface.com> seriously because it is a TLD used for free
>>         dynamic IP service (changeip.com <http://changeip.com>
>>         <http://changeip.com>).
>>
>>         There is even a fake Windows Update domain in this TLD:
>>
>>         ubuntu@matrix:~$ dig +short A windowsupdate.mrface.com
>>         <http://windowsupdate.mrface.com>
>>         <http://windowsupdate.mrface.com 
>> <http://windowsupdate.mrface.com>>
>>         185.133.40.63
>>
>>
>>
>>
>>              Thanks,
>>
>>
>>
>>     I noticed it was listed on the DBL dnsbl.spfbl.net
>>     <http://dnsbl.spfbl.net> and was just working to add that to my
>>     local rules.  Anyone know how to set this DBL up in SA?  I am trying
>>     to find an example in the stock SA rules now...
>>
>>
>>
>> Yes. We list any IP using any free dynamic TLD.
>>
>> A legit mail server never uses crap, or shouldn't use.
>>
>> Documentation to set this DNSBL at SA:
>>
>> https://spfbl.net/en/dnsbl/
>>
>>
>>     --     David Jones
>>
>>
>
> I found an example in KAM.cf:
>
> [root@server spamassassin]# pwd
> /etc/mail/spamassassin
> [root@server spamassassin]# cat 99_spfbl.cf
> ifplugin Mail::SpamAssassin::Plugin::DNSEval
>
> header        __RCVD_IN_SPFBL    eval:check_rbl('spfbl', 
> 'dnsbl.spfbl.net')
> tflags        __RCVD_IN_SPFBL    net
>
> header        __RCVD_IN_SPFBL_3    eval:check_rbl_sub('spfbl', 
> '127.0.0.3')
> meta        RCVD_IN_SPFBL    __RCVD_IN_SPFBL_3 && !RCVD_IN_SPFBL_LASTEXT
> describe    RCVD_IN_SPFBL    Received is listed in SPFBL.net RBL
> score        RCVD_IN_SPFBL    1.2
> tflags        RCVD_IN_SPFBL    net
>
> header        RCVD_IN_SPFBL_LASTEXT 
> eval:check_rbl('spfbl-lastexternal', 'dnsbl.spfbl.net')
> describe     RCVD_IN_SPFBL_LASTEXT    Last external is listed in 
> SPFBL.net RBL
> score        RCVD_IN_SPFBL_LASTEXT    2.2
> tflags        RCVD_IN_SPFBL_LASTEXT    net
>
> endif
>
> ifplugin Mail::SpamAssassin::Plugin::AskDNS
>
> askdns        SENDER_IN_SPFBL    _SENDERDOMAIN_.dnsbl.spfbl.net A 
> /^127\.0\.0\.3$/
> tflags        SENDER_IN_SPFBL    nice net
> describe    SENDER_IN_SPFBL    Sending domain listed in SPFBL.net DBL
> score        SENDER_IN_SPFBL    2.2
>
> endif
>


Mime
View raw message