Posted to users@spamassassin.apache.org by "@lbutlr" <kr...@kreme.com> on 2015/04/10 04:47:46 UTC

Can't find what is triggering blacklist

spamd: result: Y 97 - HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY,USER_IN_BLACKLIST scantime=1.0,size=4936,user=kremels,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=50165,mid=<58...@kreme.com>,autolearn=no autolearn_force=no 

postfix/cleanup[4337]: 3lNN3J5FWhzJMhs: milter-reject: END-OF-MESSAGE from omnigroup.com[198.151.161.1]: 5.7.1 Blocked by SpamAssassin; from=<ma...@omnigroup.com> to=<kr...@kreme.com> proto=ESMTP helo=<omnigroup.com>

There are no grep hits in the spamassassin folder for “omnigroup” or even “omni”.

$ grep blacklist /etc/spamassassin/* 
/etc/spamassassin/local.cf:blacklist_from *.119
/etc/spamassassin/local.cf:blacklist_from *.administrator
/etc/spamassassin/local.cf:blacklist_from *.admin
/etc/spamassassin/local.cf:blacklist_from *.adsl
/etc/spamassassin/local.cf:blacklist_from *.arpa
/etc/spamassassin/local.cf:blacklist_from *.bac
/etc/spamassassin/local.cf:blacklist_from *.beeline
/etc/spamassassin/local.cf:blacklist_from *.cici
/etc/spamassassin/local.cf:blacklist_from *.coma
/etc/spamassassin/local.cf:blacklist_from *.dhcp
/etc/spamassassin/local.cf:blacklist_from *.dlink
/etc/spamassassin/local.cf:blacklist_from *.dns
/etc/spamassassin/local.cf:blacklist_from *.domain
/etc/spamassassin/local.cf:blacklist_from *.dynamic
/etc/spamassassin/local.cf:blacklist_from *.dyndns\.org
/etc/spamassassin/local.cf:blacklist_from *.dyn
/etc/spamassassin/local.cf:blacklist_from *.firewall
/etc/spamassassin/local.cf:blacklist_from *.gateway
/etc/spamassassin/local.cf:blacklist_from *.hananet
/etc/spamassassin/local.cf:blacklist_from *.home
/etc/spamassassin/local.cf:blacklist_from *.internal
/etc/spamassassin/local.cf:blacklist_from *.intern
/etc/spamassassin/local.cf:blacklist_from *.janak
/etc/spamassassin/local.cf:blacklist_from *.kornet
/etc/spamassassin/local.cf:blacklist_from *.lab
/etc/spamassassin/local.cf:blacklist_from *.lan
/etc/spamassassin/local.cf:blacklist_from *.localdomain
/etc/spamassassin/local.cf:blacklist_from *.localhost
/etc/spamassassin/local.cf:blacklist_from *.local
/etc/spamassassin/local.cf:blacklist_from *.loc
/etc/spamassassin/local.cf:blacklist_from *.lokal
/etc/spamassassin/local.cf:blacklist_from *.mail
/etc/spamassassin/local.cf:blacklist_from *.nat
/etc/spamassassin/local.cf:blacklist_from *.netzwerk
/etc/spamassassin/local.cf:blacklist_from *.pc
/etc/spamassassin/local.cf:blacklist_from *.private
/etc/spamassassin/local.cf:blacklist_from *.privat
/etc/spamassassin/local.cf:blacklist_from *.priv
/etc/spamassassin/local.cf:blacklist_from *.router
/etc/spamassassin/local.cf:blacklist_from *.setup
/etc/spamassassin/local.cf:blacklist_from *.skbroadband
/etc/spamassassin/local.cf:blacklist_from *.tbroad
/etc/spamassassin/local.cf:blacklist_uri_host science
/etc/spamassassin/local.cf:blacklist_uri_host work
/etc/spamassassin/local.cf:blacklist_uri_host click

(But nothing has changed in local.cf in several days and I got emails from the list earlier today).

-- 
All Hell hadn't been let loose. It was merely Detritus. But from a few
feet away you couldn't tell the difference.


Re: Can't find what is triggering blacklist

Posted by "@lbutlr" <kr...@kreme.com>.
> On Apr 10, 2015, at 5:53 AM, Axb <ax...@gmail.com> wrote:
> 
> On 04/10/2015 01:36 PM, @lbutlr wrote:
>>> On Apr 10, 2015, at 12:11 AM, Christian Laußat
>>> <sp...@list.laussat.de> wrote:
>>> 
>>> On 10.04.2015 04:47, @lbutlr wrote:
>>>> spamd: result: Y 97 -
>>>> HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY,USER_IN_BLACKLIST
>>>> 
>>>> 
>>>> scantime=1.0,size=4936,user=kremels,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=50165,mid=<58...@kreme.com>,autolearn=no
>>>> autolearn_force=no postfix/cleanup[4337]: 3lNN3J5FWhzJMhs:
>>>> milter-reject: END-OF-MESSAGE from omnigroup.com[198.151.161.1]:
>>>> 5.7.1 Blocked by SpamAssassin;
>>>> from=<ma...@omnigroup.com> to=<kr...@kreme.com>
>>>> proto=ESMTP helo=<omnigroup.com> There are no grep hits in the
>>>> spamassassin folder for “omnigroup” or even “omni”.
>>> 
>>> Your log sample shows only the envelope "From" used at SMTP level,
>>> but a (faked?) "From:" header could have triggered the blacklist.
>> 
>> True, but this is a mailing list and the message was expected (it was
>> my own post being sent to me by the list), so that is not probable
>> (and the message I was expecting from the list did not show up).
>> 
>> Obviously, I can’t check the message.
> 
> "Obviously" you didn't think of whitelisting your subscribed mailing lists .-)

No, and I never have. As I said, I received email from the list earlier the same day.

> But as the list probably has an archive, you can find your "expected" msg there and use that to figure out what hit the blacklisting, "obviously"

List archives do not store the entire raw message. There is nothing obviously different about the message I sent than any other messages I’ve sent to the list over the last 15 years.

<http://www.omnigroup.com/mailman/archive/macosx-talk/2015-April/142379.html>

Oddly, it appears to be working now.

spamd[4944]: spamd: result: . -2 - HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY scantime=0.4,size=2527,user=kremels,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=52499,mid=<A6...@kreme.com>,autolearn=unavailable autolearn_force=no 



-- 
'I cannot! He has been kindness itself to me!' 'And you can be Death
itself to him.'


Re: Can't find what is triggering blacklist

Posted by Axb <ax...@gmail.com>.
On 04/10/2015 01:36 PM, @lbutlr wrote:
>> On Apr 10, 2015, at 12:11 AM, Christian Laußat
>> <sp...@list.laussat.de> wrote:
>>
>> On 10.04.2015 04:47, @lbutlr wrote:
>>> spamd: result: Y 97 -
>>> HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY,USER_IN_BLACKLIST
>>>
>>>
>>> scantime=1.0,size=4936,user=kremels,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=50165,mid=<58...@kreme.com>,autolearn=no
>>> autolearn_force=no postfix/cleanup[4337]: 3lNN3J5FWhzJMhs:
>>> milter-reject: END-OF-MESSAGE from omnigroup.com[198.151.161.1]:
>>> 5.7.1 Blocked by SpamAssassin;
>>> from=<ma...@omnigroup.com> to=<kr...@kreme.com>
>>> proto=ESMTP helo=<omnigroup.com> There are no grep hits in the
>>> spamassassin folder for “omnigroup” or even “omni”.
>>
>> Your log sample shows only the envelope "From" used at SMTP level,
>> but a (faked?) "From:" header could have triggered the blacklist.
>
> True, but this is a mailing list and the message was expected (it was
> my own post being sent to me by the list), so that is not probable
> (and the message I was expecting from the list did not show up).
>
> Obviously, I can’t check the message.

"Obviously" you didn't think of whitelisting your subscribed mailing 
lists .-)

But as the list probably has an archive, you can find your "expected" 
msg there and use that to figure out what hit the blacklisting, 
"obviously"

https://pbs.twimg.com/profile_images/493993306628452353/bOs_gzNA_400x400.jpeg





Re: Can't find what is triggering blacklist

Posted by "@lbutlr" <kr...@kreme.com>.
> On Apr 10, 2015, at 12:11 AM, Christian Laußat <sp...@list.laussat.de> wrote:
> 
> On 10.04.2015 04:47, @lbutlr wrote:
>> spamd: result: Y 97 -
>> HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY,USER_IN_BLACKLIST
>> scantime=1.0,size=4936,user=kremels,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=50165,mid=<58...@kreme.com>,autolearn=no
>> autolearn_force=no
>> postfix/cleanup[4337]: 3lNN3J5FWhzJMhs: milter-reject: END-OF-MESSAGE
>> from omnigroup.com[198.151.161.1]: 5.7.1 Blocked by SpamAssassin;
>> from=<ma...@omnigroup.com> to=<kr...@kreme.com>
>> proto=ESMTP helo=<omnigroup.com>
>> There are no grep hits in the spamassassin folder for “omnigroup” or
>> even “omni”.
> 
> Your log sample shows only the envelope "From" used at SMTP level, but a (faked?) "From:" header could have triggered the blacklist.

True, but this is a mailing list and the message was expected (it was my own post being sent to me by the list), so that is not probable (and the message I was expecting from the list did not show up).

Obviously, I can’t check the message.



-- 
If you could do a sort of relief map of sinfulness, wickedness and
all-round immorality, rather like those representations of the
gravitational field around a Black Hole, then even in Ankh-Morpork the
Shades would be represented by a shaft. In fact the Shades was
remarkably like the aforesaid well-known astrological phenomenon: it had
a certain strong attraction, no light escaped from it, and it could
indeed become a gateway to another world. The next one.



Re: Can't find what is triggering blacklist

Posted by Christian Laußat <sp...@list.laussat.de>.
On 10.04.2015 04:47, @lbutlr wrote:
> spamd: result: Y 97 -
> HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY,USER_IN_BLACKLIST
> scantime=1.0,size=4936,user=kremels,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=50165,mid=<58...@kreme.com>,autolearn=no
> autolearn_force=no
> 
> postfix/cleanup[4337]: 3lNN3J5FWhzJMhs: milter-reject: END-OF-MESSAGE
> from omnigroup.com[198.151.161.1]: 5.7.1 Blocked by SpamAssassin;
> from=<ma...@omnigroup.com> to=<kr...@kreme.com>
> proto=ESMTP helo=<omnigroup.com>
> 
> There are no grep hits in the spamassassin folder for “omnigroup” or
> even “omni”.

Your log sample shows only the envelope "From" used at SMTP level, but a 
(faked?) "From:" header could have triggered the blacklist.

-- 
Christian Laußat
https://blog.laussat.de
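
The reply above separates the SMTP envelope sender seen in the postfix log from the "From:" header inside the message. As an added example (not code from the thread or from SpamAssassin), this sketch lists every sender address in a raw message and tests each against blacklist_from-style globs. The header set and glob handling are assumptions based on the blacklist_from/whitelist_from documentation; the sample message and addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: header set taken from the blacklist_from/whitelist_from
# documentation; Resent-From, when present, is used instead of the others.
SENDER_HEADERS = ("Envelope-Sender", "Resent-Sender", "X-Envelope-From", "From")

def glob_to_regex(pattern):
    """Anchored, case-insensitive regex: '*' = any run, '?' = one character."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile("^" + body + "$", re.IGNORECASE)

def candidate_addresses(raw_message, envelope_from=None):
    """Return (source, address) pairs a sender blacklist would be tested against."""
    msg = message_from_string(raw_message)
    headers = ("Resent-From",) if msg.get_all("Resent-From") else SENDER_HEADERS
    found = [("smtp-envelope", envelope_from.lower())] if envelope_from else []
    for name in headers:
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr:
                found.append((name, addr.lower()))
    return found

def find_blacklist_hits(raw_message, patterns, envelope_from=None):
    """Return (source, address, pattern) for every pattern that matches."""
    compiled = [(p, glob_to_regex(p)) for p in patterns]
    return [(src, addr, p)
            for src, addr in candidate_addresses(raw_message, envelope_from)
            for p, rx in compiled if rx.match(addr)]

# Constructed sample: a list post whose envelope sender is the list server
# while the From: header still carries the original author's address.
SAMPLE = (
    "Return-Path: <list-bounces@lists.example.org>\n"
    "From: Alice <alice@workstation.local>\n"
    "To: list@lists.example.org\n"
    "Subject: test post\n"
    "\n"
    "body\n"
)
PATTERNS = ["*.local", "*.mail", "*.lan"]  # three entries from the grep output

if __name__ == "__main__":
    for hit in find_blacklist_hits(SAMPLE, PATTERNS, "list-bounces@lists.example.org"):
        print("%s: %s matched blacklist_from %s" % hit)
```

In the constructed sample a grep of the configuration for the list's domain finds nothing, yet the message still hits `*.local` through its From: header.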