Posted to users@spamassassin.apache.org by Kenneth Porter <sh...@sewingwitch.com> on 2019/10/05 14:05:29 UTC
Facebook notifications sent from dynamic address
(Nothing wrong with SA. Just an FYI about a popular service that abuses the
Internet and SA catches it.)

I noticed one of my notifications from Facebook today got tagged by SA.
Here's the two that put it over:

3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
    [66.220.155.138 listed in dnsbl.sorbs.net]

Here's the offending header:

Received: from 66-220-155-138.mail-mail.facebook.com
    (66-220-155-138.mail-mail.facebook.com [66.220.155.138])

So who do I bitch at? I've never found any good way to complain to Facebook.

Re: Facebook notifications sent from dynamic address
Posted by "@lbutlr" <kr...@kreme.com>.
On Oct 7, 2019, at 11:35 AM, Kris Deugau <kd...@vianet.ca> wrote:
> So tempting to let my inner BOFH out and just convert those to blacklist_from entries instead though…
So, so tempting!
--
"A synonym is a word you use when you can't spell the word you first
thought of." - Burt Bacharach
Re: Facebook notifications sent from dynamic address
Posted by Kris Deugau <kd...@vianet.ca>.
Kenneth Porter wrote:
> (Nothing wrong with SA. Just an FYI about a popular service that abuses
> the Internet and SA catches it.)
>
> I noticed one of my notifications from Facebook today got tagged by SA.
> Here's the two that put it over:
>
> 3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
> 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
> [66.220.155.138 listed in dnsbl.sorbs.net]
>
> Here's the offending header:
>
> Received: from 66-220-155-138.mail-mail.facebook.com
> (66-220-155-138.mail-mail.facebook.com [66.220.155.138])
>
> So who do I bitch at? I've never found any good way to complain to
> Facebook.

I long ago sighed and globally whitelisted as many generic Facebook
sending channels as I could find because of lunacy like this.

whitelist_from_rcvd *@facebookmail.com .tfbnw.com
whitelist_from_rcvd *@facebookmail.com .facebook.com
whitelist_from_rcvd *@facebookappmail.com .tfbnw.com
whitelist_from_rcvd *@facebookappmail.com .facebook.com
whitelist_from_dkim *@facebookmail.com
whitelist_from_dkim *@mail.instagram.com

So tempting to let my inner BOFH out and just convert those to
blacklist_from entries instead though...

Of course, having whitelisted them we now have a couple of customers who
routinely report various Facebook email notices as spam.

-kgd

Re: Facebook notifications sent from dynamic address
Posted by RW <rw...@googlemail.com>.
On Sat, 05 Oct 2019 07:05:29 -0700
Kenneth Porter wrote:
> (Nothing wrong with SA. Just an FYI about a popular service that
> abuses the Internet and SA catches it.)

I'd say it is SA's fault, the helo is:

66-220-155-138.mail-mail.facebook.com

which is clearly not a dynamic address because of the .mail-mail. label.
__HELO_DYNAMIC_IPADDR2 has an exception for [-.]static[-.], but nothing
else.

By contrast the default for the Botnet plugin is/was:

botnet_serverwords e?mail(out)? mta mx(pool)? relay smtp
botnet_serverwords static
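
The difference described in the last message, as an added example that is not part of the original thread and is not SpamAssassin or Botnet plugin code: a simplified model of a "HELO embeds the client IP" check, run once with only the `static` exception and once with the server words quoted above. The embedded-IP regex, the word-delimiter handling, the function names and all sample hosts except the Facebook one are assumptions made for illustration.

```python
import re

# Exception words. BOTNET_SERVERWORDS is the Botnet default quoted in the thread;
# STATIC_ONLY is the single exception the thread attributes to __HELO_DYNAMIC_IPADDR2.
BOTNET_SERVERWORDS = [r"e?mail(out)?", r"mta", r"mx(pool)?", r"relay", r"smtp", r"static"]
STATIC_ONLY = [r"static"]

# Simplified stand-in (assumption), not SpamAssassin's actual rule regex:
# the HELO name starts with four decimal groups joined by '-' or '.'.
EMBEDDED_IP = re.compile(r"^(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.]")


def embeds_ip(helo, ip):
    """True if the HELO name starts with the connecting IP's octets (either order)."""
    m = EMBEDDED_IP.match(helo.lower())
    if not m:
        return False
    found = [str(int(g)) for g in m.groups()]
    octets = ip.split(".")
    return found in (octets, octets[::-1])


def has_word(helo, words):
    """True if any exception word appears, delimited by '.', '-', a digit or an end.

    The delimiter choice is an assumption made for this example.
    """
    pattern = re.compile(r"(?:^|[-.\d])(?:%s)(?=$|[-.\d])" % "|".join(words))
    return bool(pattern.search(helo.lower()))


def looks_dynamic(helo, ip, exceptions):
    """Flag a HELO that embeds the client IP unless an exception word is present."""
    return embeds_ip(helo, ip) and not has_word(helo, exceptions)


SAMPLES = [
    ("66-220-155-138.mail-mail.facebook.com", "66.220.155.138"),  # from the thread
    ("203-0-113-7.dsl.example.net", "203.0.113.7"),               # constructed
    ("203-0-113-8.static.example.net", "203.0.113.8"),            # constructed
    ("mx1.example.org", "198.51.100.5"),                          # constructed
]

if __name__ == "__main__":
    for helo, ip in SAMPLES:
        print(helo, looks_dynamic(helo, ip, STATIC_ONLY),
              looks_dynamic(helo, ip, BOTNET_SERVERWORDS))
```

With only the `static` exception the Facebook HELO is flagged; with the wider server-word list it is not, while the constructed DSL-style name is flagged in both cases.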