You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Tarak Ranjan <co...@yahoo.co.in> on 2008/03/11 08:49:30 UTC

AOL Spam

Hi List,
i'm getting lots of AOL spam, im attaching the mail ,
here is my SA log..

Mar 11 12:47:17 mail qmail-scanner[10609]:
Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
redmond@liqwidkrystal.com Changing_careers_but_lack_the_right_Degree?
<c6...@aol.com> 1205219837.10611-0.mail.example.com:268
orig-mail.example.com120521983680210609:859
Mar 11 12:47:17 mail qmail-scanner[10609]:
Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
rebekah_fernandes@liqwidkrystal.com
Changing_careers_but_lack_the_right_Degree?
<c6...@aol.com> 1205219837.10611-0.mail.example.com:268
orig-mail.example.com120521983680210609:859

please suggest me what to do.......

/
Tarak

Re: AOL Spam

Posted by SM <sm...@resistor.net>.

Hi.
At 00:49 11-03-2008, Tarak Ranjan wrote:
>i'm getting lots of AOL spam, im attaching the mail ,
>here is my SA log..
>
>Mar 11 12:47:17 mail qmail-scanner[10609]:
>Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
>redmond@liqwidkrystal.com Changing_careers_but_lack_the_right_Degree?
><c6...@aol.com> 1205219837.10611-0.mail.example.com:268
>orig-mail.example.com120521983680210609:859

What rules did the message hit? The url is listed in URIBL_GREY.

Regards,
-sm

Re: AOL Spam

Posted by Robert Schetterer <ro...@schetterer.org>.

Tarak Ranjan schrieb:
> Hi List,
> i'm getting lots of AOL spam, im attaching the mail ,
> here is my SA log..
> 
> Mar 11 12:47:17 mail qmail-scanner[10609]:
> Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
> redmond@liqwidkrystal.com Changing_careers_but_lack_the_right_Degree?
> <c6...@aol.com> 1205219837.10611-0.mail.example.com:268
> orig-mail.example.com120521983680210609:859
> Mar 11 12:47:17 mail qmail-scanner[10609]:
> Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
> rebekah_fernandes@liqwidkrystal.com
> Changing_careers_but_lack_the_right_Degree?
> <c6...@aol.com> 1205219837.10611-0.mail.example.com:268
> orig-mail.example.com120521983680210609:859
> 
> please suggest me what to do.......
> 
> /
> Tarak
> 
Hi, use spf filter
so aol.com spam should be rejected before it will be checked
with spamassassin

dig -t txt aol.com
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.4.1-P1 <<>> -t txt aol.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37929
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;aol.com.                       IN      TXT

;; ANSWER SECTION:
aol.com.                300     IN      TXT     "spf2.0/pra 
ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 
ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 
ip4:64.12.138.0/24 ip4:64.12.143.99/32 ip4:64.12.143.100/32 
ip4:64.12.143.101/32 ptr:mx.aol.com ?all"
aol.com.                300     IN      TXT     "v=spf1 
ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 
ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 
ip4:64.12.138.0/24 ip4:64.12.143.99/32 ip4:64.12.143.100/32 
ip4:64.12.143.101/32 ptr:mx.aol.com ?all"

;; AUTHORITY SECTION:
aol.com.                3600    IN      NS      dns-07.ns.aol.com.
aol.com.                3600    IN      NS      dns-01.ns.aol.com.
aol.com.                3600    IN      NS      dns-02.ns.aol.com.
aol.com.                3600    IN      NS      dns-06.ns.aol.com.

;; Query time: 1 msec
;; SERVER: 192.168.111.1#53(192.168.111.1)
;; WHEN: Tue Mar 11 09:15:55 2008
;; MSG SIZE  rcvd: 604


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: AOL Spam

Posted by Robert Schetterer <ro...@schetterer.org>.

Tarak Ranjan schrieb:
> On Tue, 2008-03-11 at 09:20 +0100, Robert Schetterer wrote:
>> Tarak Ranjan schrieb:
>>> Hi List,
>>> i'm getting lots of AOL spam, im attaching the mail ,
>>> here is my SA log..
>>>
>>> Mar 11 12:47:17 mail qmail-scanner[10609]:
>>> Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
>>> redmond@liqwidkrystal.com Changing_careers_but_lack_the_right_Degree?
>>> <c6...@aol.com> 1205219837.10611-0.mail.example.com:268
>>> orig-mail.example.com120521983680210609:859
>>> Mar 11 12:47:17 mail qmail-scanner[10609]:
>>> Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
>>> rebekah_fernandes@liqwidkrystal.com
>>> Changing_careers_but_lack_the_right_Degree?
>>> <c6...@aol.com> 1205219837.10611-0.mail.example.com:268
>>> orig-mail.example.com120521983680210609:859
> 
>> Sorry i think i ve missinterpreted your logs, spf will not work
>> when mail is orginal from aol servers
> 
> is there any other way to stop those unsolicited mails....
> 
> 
> /
> Tarak 
> 
> 

Hm, i dont think
you will find a universal  method
to stop junk mail delivered from legal aol servers
same goes to other hijacked massmail hosters
mailaccounts at smtp level.

If the sender address is always the same you
could simply reject it, but i dont think
it is, normally these hijacked sender adresses ( mailaccounts)  are only 
use once.

So recognizing and marking with spamassassin is the best
and only way for this kind of spam, i think, you can try delete mail
or hold it when spam level is rising to high.

If the server is yours and mail is only delivered for your own domains
deleting/quarantaine high spam level mails is no problem ( but i wouldnt 
recommend it )
if you are doing mail for customers be aware that it might not be legal
to delete spam for them in your country.

But perhaps someone here has better ideas for you

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: AOL Spam

Posted by Tarak Ranjan <co...@yahoo.co.in>.

On Tue, 2008-03-11 at 09:20 +0100, Robert Schetterer wrote:
> Tarak Ranjan schrieb:
> > Hi List,
> > i'm getting lots of AOL spam, im attaching the mail ,
> > here is my SA log..
> > 
> > Mar 11 12:47:17 mail qmail-scanner[10609]:
> > Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
> > redmond@liqwidkrystal.com Changing_careers_but_lack_the_right_Degree?
> > <c6...@aol.com> 1205219837.10611-0.mail.example.com:268
> > orig-mail.example.com120521983680210609:859
> > Mar 11 12:47:17 mail qmail-scanner[10609]:
> > Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
> > rebekah_fernandes@liqwidkrystal.com
> > Changing_careers_but_lack_the_right_Degree?
> > <c6...@aol.com> 1205219837.10611-0.mail.example.com:268
> > orig-mail.example.com120521983680210609:859

> > 
> Sorry i think i ve missinterpreted your logs, spf will not work
> when mail is orginal from aol servers

is there any other way to stop those unsolicited mails....


/
Tarak

Re: AOL Spam

Posted by Robert Schetterer <ro...@schetterer.org>.

Tarak Ranjan schrieb:
> Hi List,
> i'm getting lots of AOL spam, im attaching the mail ,
> here is my SA log..
> 
> Mar 11 12:47:17 mail qmail-scanner[10609]:
> Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
> redmond@liqwidkrystal.com Changing_careers_but_lack_the_right_Degree?
> <c6...@aol.com> 1205219837.10611-0.mail.example.com:268
> orig-mail.example.com120521983680210609:859
> Mar 11 12:47:17 mail qmail-scanner[10609]:
> Clear:RC:0(64.12.137.4):SA:0(-0.6/4.0): 0.982348 859 jcoatesl@aol.com
> rebekah_fernandes@liqwidkrystal.com
> Changing_careers_but_lack_the_right_Degree?
> <c6...@aol.com> 1205219837.10611-0.mail.example.com:268
> orig-mail.example.com120521983680210609:859
> 
> please suggest me what to do.......
> 
> /
> Tarak
> 
Sorry i think i ve missinterpreted your logs, spf will not work
when mail is orginal from aol servers


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria