Getting LOADS of spam

[mrmaxx]

I've got *all* the block lists enabled and have SpamAssassin set to level 2. I'm afraid to drop it to level 1, or does that work in reverse with 10 being more aggressive and 1 being less aggressive?

AIUI, a "level 2" setting for SA is extremely aggressive and I'm still getting tons of spam through. OTOH, I'm nuking/quick-reporting a couple thousand a day, probably, but I'm still getting an exhorbitant amount of spam getting through. Anything else to cut back on the spam that's getting through?

[Farelf]

... Anything else to cut back on the spam that's getting through?

You've not looked at the draft/in progress FAQ? http://forum.spamcop.net/forums/index.php?...ost&p=12048

[StevenUnderwood]

You've not looked at the draft/in progress FAQ? http://forum.spamcop.net/forums/index.php?...ost&p=12048

Have you looked at the headers to see WHY they are getting through? What is the SA number being produced by these messages?

[DavidT]

mrmaxx,

Are you possibly using a "catch all" feature on a domain that you control? (IOW, any address at that domain that's not specifically designated will still get delivered to you).

DT

[mrmaxx]

Are you possibly using a "catch all" feature on a domain that you control? (IOW, any address at that domain that's not specifically designated will still get delivered to you).

Yep. That's why the other thread is not more of a "why am I getting these bounces" but more of a "how much longer"

I am thinking of switching registrars, so that I can get rid of the "catchall" feature and go with specific email addresses.

Have you looked at the headers to see WHY they are getting through? What is the SA number being produced by these messages?

Ya know... that's a good question. Unfortunately, at this point, I don't have any to look at, but I'll take a look at the next one. Silly me... I have been around long enough to know to do that stuff, but I still asked a silly question. Sheesh...

[mrmaxx]

Ok. Here's the headers from one of the spams that got through:

Return-Path: <jyzt[at]tiendaclick.com.ar>

Delivered-To: spamcop-net-mrmaxx[at]spamcop.net

Received: (qmail 22898 invoked from network); 6 Oct 2006 10:56:17 -0000

X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade6

X-spam-Level: *

X-spam-Status: hits=1.9 tests=HTML_00_10,HTML_MESSAGE,MIME_HTML_ONLY,

RCVD_NUMERIC_HELO version=3.1.1

Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)

by blade6.cesmail.net with SMTP; 6 Oct 2006 10:56:17 -0000

Received: from mailgate.cesmail.net ([216.154.195.36])

by c60.cesmail.net with SMTP; 06 Oct 2006 06:55:54 -0400

X-IronPort-AV: i="4.09,271,1157342400";

d="gif'147?scan'147,208,217,147"; a="390195928:sNHT83365160"

Received: (qmail 24601 invoked from network); 6 Oct 2006 10:55:54 -0000

Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)

by mailgate.cesmail.net with SMTP; 6 Oct 2006 10:55:54 -0000

Received: from mail.chattanooga.net [66.129.1.5]

by mailgate.cesmail.net with POP3 (fetchmail-6.2.1)

for mrmaxx[at]spamcop.net (single-drop); Fri, 06 Oct 2006 06:55:54 -0400 (EDT)

Received: from psmtp.com (exprod7mx54.postini.com [64.18.2.104])

by mail.chattanooga.net (8.12.11.20060308/8.12.11) with SMTP id k96AswMC015341

for <x>; Fri, 6 Oct 2006 06:54:59 -0400

Received: from source ([124.7.66.159]) by exprod7mx54.postini.com ([64.18.6.14]) with SMTP;

Fri, 06 Oct 2006 03:54:50 PDT

Received: (qmail 12308 invoked from network); Fri, 6 Oct 2006 16:28:49 +0530

Received: from unknown (HELO 124.7.111.134) (124.7.111.134)

by segment-124-7.sify.net with SMTP; Fri, 6 Oct 2006 16:28:49 +0530

Message-ID: <452635DA.1040602[at]tiendaclick.com.ar>

Date: Fri, 6 Oct 2006 16:24:18 +0530

From: Evelina Tracy <jyzt[at]tiendaclick.com.ar>

User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)

MIME-Version: 1.0

To: x

Subject: obsolescence

Content-Type: multipart/related;

boundary="------------000100080009050805010904"

X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 66.129.1.5 64.18.2.104 124.7.66.159 64.18.6.14 124.7.111.134 124.7.111.134

X-UID: 252749

X-Length: 20196

(SNIP)

Looks like it slipped through SA by only getting a 1.9 spam score.

[StevenUnderwood]

(SNIP)

X-spam-Level: *

X-spam-Status: hits=1.9 tests=HTML_00_10,HTML_MESSAGE,MIME_HTML_ONLY,

RCVD_NUMERIC_HELO version=3.1.1

(SNIP)

Received: from source ([124.7.66.159]) by exprod7mx54.postini.com ([64.18.6.14]) with SMTP;

Fri, 06 Oct 2006 03:54:50 PDT

(SNIP)

X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 66.129.1.5 64.18.2.104 124.7.66.159 64.18.6.14 124.7.111.134 124.7.111.134

(SNIP)

Looks like it slipped through SA by only getting a 1.9 spam score.

Yup. I doubt you want to set SA down to 1

Knowing Postini's headers, Received: from source ([124.7.66.159]) should be where they got the message. There are no visible reports yet on any of these IP addresses, however, except for those nasty people behind mailgate.cesmail.net. 66.129.1.5 has a blank report history link which may or may not mean anything (reported but data not available to the public yet????).

[mrmaxx]

Yup. I doubt you want to set SA down to 1

Knowing Postini's headers, Received: from source ([124.7.66.159]) should be where they got the message. There are no visible reports yet on any of these IP addresses, however, except for those nasty people behind mailgate.cesmail.net. 66.129.1.5 has a blank report history link which may or may not mean anything (reported but data not available to the public yet????).

Heh.. I know who 66.129.1.5 is... they're cool. They're my old employers, where I still have a mail account. My dad "owns" the account now, so he can get his Juno email faster than analog dial-up (my account is a 64/128K ISDN <G>)