Posted to users@spamassassin.apache.org by JP <sa...@b-dub.org> on 2004/10/27 06:34:51 UTC

I am a spammer???

So I have queried the Postfix list with this problem to no avail, so I
come to you all, the veritable encyclopedia of all things spam, although
this one is a little different.

In short, mail that comes from my domain is being tagged as spam by
entities such as Hotmail and Yahoo, as well as the spam filtering
mechanisms of a couple of kind souls on the Postfix list who shared rules
which fired on my messages but offered no solution.

Here is the set-up. I host my own domain on a measly 700 MHz Athlon box
running SuSE 9.1.  I am a residential subscriber of cable internet service
provided by OptOnline (which means I have a dynamically assigned IP
address, which hasn't changed in over a year now).

I use Squirrelmail as the MUA and I have it configured so that it relays
mail directly to my provider's SMTP server 'mail.optonline.net' so that it
never hits the local postfix service. (well the provider that my home network
is connected through)

I work on the road 4 days a week and dial up through various providers
(hence SqMail as the MUA). Would that matter at all? Either way it still
gets sent from the server box, correct?

I have verified that my domain is not listed as an open relay, although my
IP, being that it is in a "Dynamic" range, is listed in a few of the RHBLs.
But I do not see this behaviour using Outlook on my XP box, which is
basically the same thing as using SqMail, right? I.e. they both connect
directly to the SMTP server mail.optonline.net.

Do you all know of anything I can do in this situation to help keep my
mails from ending up in spam folders or, worse, sent into the black hole
that is /dev/null?

Here are the Spam rules and headers from one of my e-mails that a kind
postfixer sent me:

> Content analysis details:   (7.5 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
> -0.0 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
>                             [score: 0.0000]
>  3.5 RCVD_IN_NJABL_DIALUP   RBL: NJABL: dialup sender did non-local SMTP
>                             [24.44.185.239 listed in dnsbl.njabl.org]
>  2.6 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
>                             [24.44.185.239 listed in dnsbl.sorbs.net]
>  0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
>                             [24.44.185.239 listed in dnsbl.sorbs.net]
>  0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
>                             [24.44.185.239 listed in dnsbl.njabl.org]
>  1.2 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer
>


Return-Path: <po...@b-dub.org>
Received: from jojda.zasran.com ([unix socket])
        by jojda (Cyrus v2.1.16-IPv6-Debian-2.1.16-10) with LMTP;
        Wed, 13 Oct 2004 12:24:02 -0700
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost.localdomain [127.0.0.1])
        by jojda.zasran.com (Postfix) with ESMTP id 3CAF4C8037
        for <Ki...@localhost>; Wed, 13 Oct 2004 12:24:02 -0700 (PDT)
Received: from pop.rawbw.com [198.144.192.41]
        by localhost with POP3 (fetchmail-6.2.5)
        for Kind@localhost (single-drop); Wed, 13 Oct 2004 12:24:02 -0700 (PDT)
Received: from localhost by mail0.rawbw.com
        with SpamAssassin (2.63 2004-01-11);
        Wed, 13 Oct 2004 12:23:18 -0700
From: JP <po...@b-dub.org>
To: Erik Steffl <Ki...@person.com>
Subject: Re: Mail from me is marked as Spam?
Date: Wed, 13 Oct 2004 15:29:42 -0400 (EDT)
Message-Id: <35...@webmail.b-dub.org>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail0.rawbw.com
X-Spam-Level: ********
X-Spam-Status: Yes, hits=8.1 required=5.0 tests=BAYES_00,J_CHICKENPOX_34,
        PRIORITY_NO_NAME,RCVD_IN_DYNABLOCK,RCVD_IN_NJABL,RCVD_IN_NJABL_DIALUP,
        RCVD_IN_SORBS autolearn=no version=2.63
MIME-Version: 1.0








Re: I am a spammer???

Posted by JP <sa...@b-dub.org>.

> dyndns.org allows the use of non-standard ports for mail relay
>
> I'd be interested to see a message sent from your outlook client and one
> from the 'problem' machine in order to compare the headers.  Feel free
> to directly send me one sample from each and I'll post the results.
>

Based on the message from Brian (I just sent it to the list), it looks as
though I am out of luck using SqMail either way.  As my ISP's relay is not
marked in any of the RBLs, it is my physical IP that is causing the problem
b/c it is in a block registered as 'dynamic'.

I will see about sending you an e-mail from Outlook when I return home
tonight. Thanks for the offer!!

Jp







Re: I am a spammer???

Posted by Adam Lanier <ad...@krusty.madoff.com>.
JP wrote:
> 
> But the problem is that my ISP, OptOnline, blocks port 25 both incoming
> and outgoing so I am forced to use their SMTP server to get mail to the
> outside world (I use a 'reflector' service from no-ip.com to get around
> the incoming mail issue, I point my MX record to their machine which in
> turn passes the mail to my system on an alternate port).
> 
> I assume that the problem is that b-dub.org is associated with an IP
> address which is in a dynamic block?  As my ISP provided mail
> 'user01@optonline.net' which I send/receive via Outlook on a winXP box
> does not get scored this way (well at least my friends with Hotmail and
> yahoo accounts do not report that messages from said account go into their
> spam folder)?
> 
> I should think that the headers would be much the same as in both
> situations the mail originates from 24.44.185.239 and goes directly to the
> SMTP server mail.optonline.net and out to its destination?
> 
> Thanks for all the assistance,
> JP
> 

dyndns.org allows the use of non-standard ports for mail relay

I'd be interested to see a message sent from your outlook client and one 
from the 'problem' machine in order to compare the headers.  Feel free 
to directly send me one sample from each and I'll post the results.

-- 
Adam Lanier
Bernard L. Madoff Investment Securities LLC

Re: I am a spammer???

Posted by JP <sa...@b-dub.org>.
> JP wrote:
>>>Might I suggest recommending that the postfixer fix his postfix?
>>
>>
>> Thanks Matt!
>> I will certainly return the kind favor and pass your notes onto the
>> postfixer.
>>
>> Thanks again for taking the time!
>>
>> JP
>>
>>
>> ------------------------------------------------------------------------
>>
>> ---------------------  SpamAssassin Results  -------------------------
>> Content analysis details:   (6.1 hits, 6.0 required)
>> -1.4 BAYES_20               BODY: Bayesian spam probability is 20 to 30%
>>                             [score: 0.2082]
>>  3.5 RCVD_IN_NJABL_DIALUP   RBL: NJABL: dialup sender did non-local SMTP
>>                             [24.44.185.239 listed in dnsbl.njabl.org]
>>  2.6 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
>>                             [24.44.185.239 listed in dnsbl.sorbs.net]
>>  0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
>>                             [24.44.185.239 listed in dnsbl.njabl.org]
>>  0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
>>                             [24.44.185.239 listed in dnsbl.sorbs.net]
>>                             [4.239.231.129 listed in dnsbl.sorbs.net]
>>  1.2 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer
>>
>> -------------------- End of SpamAssassin results ---------------------
>
> FYI: here's what your last message scored here.  This is all stock SA
> scoring.
>
> I think your problem is simply that you are sending from an ip address
> that is on a lot of dnsbl's.
>
> You may want to consider using a service like dynDNS.org where, in
> addition to hosting your domain/dns records, you can use them as a MX
> host/mail relay.  There is, of course, a small fee for the relay services.

Thanks Adam,

But the problem is that my ISP, OptOnline, blocks port 25 both incoming
and outgoing so I am forced to use their SMTP server to get mail to the
outside world (I use a 'reflector' service from no-ip.com to get around
the incoming mail issue, I point my MX record to their machine which in
turn passes the mail to my system on an alternate port).

I assume that the problem is that b-dub.org is associated with an IP
address which is in a dynamic block?  As my ISP provided mail
'user01@optonline.net' which I send/receive via Outlook on a winXP box
does not get scored this way (well at least my friends with Hotmail and
yahoo accounts do not report that messages from said account go into their
spam folder)?

I should think that the headers would be much the same as in both
situations the mail originates from 24.44.185.239 and goes directly to the
SMTP server mail.optonline.net and out to its destination?

Thanks for all the assistance,
JP

Re: I am a spammer???

Posted by JP <sa...@b-dub.org>.
> Might I suggest recommending that the postfixer fix his postfix?

Thanks Matt!
I will certainly return the kind favor and pass your notes onto the
postfixer.

Thanks again for taking the time!

JP

Re: I am a spammer???

Posted by Matt Kettler <mk...@comcast.net>.
At 12:34 AM 10/27/2004 -0400, JP wrote:
>Here are the Spam rules and headers from one of my e-mails that a kind
>postfixer sent me:

You're not a spammer.. your kind postfixer just has a broken setup and 
doesn't realize it.

First, it appears the kind postfixer has a broken trust path. The copy of 
SA is failing to realize the mail was relayed. Your messages don't match 
any of the DUL or DYNABLOCK lists on a properly configured server, but 
broken trust paths can cause SA to think that your ISP's mailserver is 
actually part of the postfixer's network, not the ISP's network.

Second, to add insult to injury, this kind postfixer reduced the score of 
BAYES_00 to nearly 0, effectively poisoning his own site with a serious 
pro-spam bent.

Had he even been using the default SA 3.x score for BAYES_00 (which is 
-2.599) the message would have ducked under the threshold and not have been 
tagged. Instead, he's zeroed the score, probably because of FN problems due 
to poor training, and is causing all kinds of scoring havoc.

  If bayes isn't working, disable it, but don't zero out the scores of the 
extremes.. that's asking for a copious quantity of trouble.

Might I suggest recommending that the postfixer fix his postfix?
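
Added illustration, not part of the original thread or anyone's actual configuration: a small Python model of the two points in Matt Kettler's reply, using the rule scores from the first report. The ISP smarthost and recipient addresses, the trusted-network lists, and the simplification that only the two dial-up/dynamic rules depend on the trust path are assumptions made for the example.

```python
import ipaddress

# Constructed relay chain, newest hop first. Only 24.44.185.239 comes from the
# thread; the ISP smarthost and recipient addresses are documentation-range
# placeholders.
RELAYS = [
    {"by": "recipient-mx", "from_ip": "198.51.100.25"},   # ISP smarthost -> recipient
    {"by": "isp-smarthost", "from_ip": "24.44.185.239"},  # webmail box -> ISP
]
DYNAMIC_LISTED = {"24.44.185.239"}  # stands in for the live DNSBL lookups

# Rule scores exactly as shown in the first report (7.5 points, 5.0 required).
REPORTED = {
    "BAYES_00": -0.0, "RCVD_IN_NJABL_DIALUP": 3.5, "RCVD_IN_DYNABLOCK": 2.6,
    "RCVD_IN_SORBS": 0.1, "RCVD_IN_NJABL": 0.1, "PRIORITY_NO_NAME": 1.2,
}
DUL_RULES = ("RCVD_IN_NJABL_DIALUP", "RCVD_IN_DYNABLOCK")
REQUIRED = 5.0


def last_external_ip(relays, trusted_networks):
    """Return the first connecting IP, newest hop first, outside the trusted nets.

    This is the only address a dial-up/dynamic list should be asked about.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for hop in relays:
        ip = ipaddress.ip_address(hop["from_ip"])
        if not any(ip in net for net in nets):
            return hop["from_ip"]
    return None


def total_score(trusted_networks, bayes_00=REPORTED["BAYES_00"]):
    """Re-add the reported scores, dropping DUL hits the trust path rules out."""
    hits = dict(REPORTED, BAYES_00=bayes_00)
    if last_external_ip(RELAYS, trusted_networks) not in DYNAMIC_LISTED:
        for rule in DUL_RULES:
            del hits[rule]
    return round(sum(hits.values()), 3)


BROKEN = ["192.0.2.0/24", "198.51.100.0/24"]  # ISP smarthost wrongly trusted
CORRECT = ["192.0.2.0/24"]                    # recipient's own network only

if __name__ == "__main__":
    print("broken trust path:      ", total_score(BROKEN))
    print("broken, BAYES_00 -2.599:", total_score(BROKEN, bayes_00=-2.599))
    print("correct trust path:     ", total_score(CORRECT))
```

With the smarthost wrongly trusted, the dynamic address becomes the "last external" hop and both dial-up rules fire; either fixing the trust path or restoring the stock BAYES_00 score brings the total under the 5.0 threshold.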