mrmaxx Posted October 5, 2006 Posted October 5, 2006 I've got *all* the block lists enabled and have SpamAssassin set to level 2. I'm afraid to drop it to level 1, or does that work in reverse with 10 being more aggressive and 1 being less aggressive? AIUI, a "level 2" setting for SA is extremely aggressive and I'm still getting tons of spam through. OTOH, I'm nuking/quick-reporting a couple thousand a day, probably, but I'm still getting an exhorbitant amount of spam getting through. Anything else to cut back on the spam that's getting through?
Farelf Posted October 5, 2006 Posted October 5, 2006 ... Anything else to cut back on the spam that's getting through?You've not looked at the draft/in progress FAQ? http://forum.spamcop.net/forums/index.php?...ost&p=12048
StevenUnderwood Posted October 5, 2006 Posted October 5, 2006 You've not looked at the draft/in progress FAQ? http://forum.spamcop.net/forums/index.php?...ost&p=12048 Have you looked at the headers to see WHY they are getting through? What is the SA number being produced by these messages?
DavidT Posted October 5, 2006 Posted October 5, 2006 mrmaxx, Are you possibly using a "catch all" feature on a domain that you control? (IOW, any address at that domain that's not specifically designated will still get delivered to you). DT
mrmaxx Posted October 5, 2006 Author Posted October 5, 2006 Are you possibly using a "catch all" feature on a domain that you control? (IOW, any address at that domain that's not specifically designated will still get delivered to you). Yep. That's why the other thread is not more of a "why am I getting these bounces" but more of a "how much longer" I am thinking of switching registrars, so that I can get rid of the "catchall" feature and go with specific email addresses. Have you looked at the headers to see WHY they are getting through? What is the SA number being produced by these messages? Ya know... that's a good question. Unfortunately, at this point, I don't have any to look at, but I'll take a look at the next one. Silly me... I have been around long enough to know to do that stuff, but I still asked a silly question. Sheesh...
mrmaxx Posted October 6, 2006 Author Posted October 6, 2006 Ok. Here's the headers from one of the spams that got through: Return-Path: <jyzt[at]tiendaclick.com.ar> Delivered-To: spamcop-net-mrmaxx[at]spamcop.net Received: (qmail 22898 invoked from network); 6 Oct 2006 10:56:17 -0000 X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade6 X-spam-Level: * X-spam-Status: hits=1.9 tests=HTML_00_10,HTML_MESSAGE,MIME_HTML_ONLY, RCVD_NUMERIC_HELO version=3.1.1 Received: from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade6.cesmail.net with SMTP; 6 Oct 2006 10:56:17 -0000 Received: from mailgate.cesmail.net ([216.154.195.36]) by c60.cesmail.net with SMTP; 06 Oct 2006 06:55:54 -0400 X-IronPort-AV: i="4.09,271,1157342400"; d="gif'147?scan'147,208,217,147"; a="390195928:sNHT83365160" Received: (qmail 24601 invoked from network); 6 Oct 2006 10:55:54 -0000 Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by mailgate.cesmail.net with SMTP; 6 Oct 2006 10:55:54 -0000 Received: from mail.chattanooga.net [66.129.1.5] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for mrmaxx[at]spamcop.net (single-drop); Fri, 06 Oct 2006 06:55:54 -0400 (EDT) Received: from psmtp.com (exprod7mx54.postini.com [64.18.2.104]) by mail.chattanooga.net (8.12.11.20060308/8.12.11) with SMTP id k96AswMC015341 for <x>; Fri, 6 Oct 2006 06:54:59 -0400 Received: from source ([124.7.66.159]) by exprod7mx54.postini.com ([64.18.6.14]) with SMTP; Fri, 06 Oct 2006 03:54:50 PDT Received: (qmail 12308 invoked from network); Fri, 6 Oct 2006 16:28:49 +0530 Received: from unknown (HELO 124.7.111.134) (124.7.111.134) by segment-124-7.sify.net with SMTP; Fri, 6 Oct 2006 16:28:49 +0530 Message-ID: <452635DA.1040602[at]tiendaclick.com.ar> Date: Fri, 6 Oct 2006 16:24:18 +0530 From: Evelina Tracy <jyzt[at]tiendaclick.com.ar> User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: x Subject: obsolescence Content-Type: multipart/related; boundary="------------000100080009050805010904" X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 66.129.1.5 64.18.2.104 124.7.66.159 64.18.6.14 124.7.111.134 124.7.111.134 X-UID: 252749 X-Length: 20196 (SNIP) Looks like it slipped through SA by only getting a 1.9 spam score.
StevenUnderwood Posted October 6, 2006 Posted October 6, 2006 (SNIP) X-spam-Level: * X-spam-Status: hits=1.9 tests=HTML_00_10,HTML_MESSAGE,MIME_HTML_ONLY, RCVD_NUMERIC_HELO version=3.1.1 (SNIP) Received: from source ([124.7.66.159]) by exprod7mx54.postini.com ([64.18.6.14]) with SMTP; Fri, 06 Oct 2006 03:54:50 PDT (SNIP) X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 66.129.1.5 64.18.2.104 124.7.66.159 64.18.6.14 124.7.111.134 124.7.111.134 (SNIP) Looks like it slipped through SA by only getting a 1.9 spam score. Yup. I doubt you want to set SA down to 1 Knowing Postini's headers, Received: from source ([124.7.66.159]) should be where they got the message. There are no visible reports yet on any of these IP addresses, however, except for those nasty people behind mailgate.cesmail.net. 66.129.1.5 has a blank report history link which may or may not mean anything (reported but data not available to the public yet????).
mrmaxx Posted October 6, 2006 Author Posted October 6, 2006 Yup. I doubt you want to set SA down to 1 Knowing Postini's headers, Received: from source ([124.7.66.159]) should be where they got the message. There are no visible reports yet on any of these IP addresses, however, except for those nasty people behind mailgate.cesmail.net. 66.129.1.5 has a blank report history link which may or may not mean anything (reported but data not available to the public yet????). Heh.. I know who 66.129.1.5 is... they're cool. They're my old employers, where I still have a mail account. My dad "owns" the account now, so he can get his Juno email faster than analog dial-up (my account is a 64/128K ISDN <G>)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.