Posted to users@spamassassin.apache.org by Robert Swan <rs...@nskinc.com> on 2006/10/13 16:30:03 UTC
Is there any way to score this?
Is there any way to get points added if the sending mail server has no
PTR record (unknown [196.211.162.65])?
I am using Redhat Fedora and Spamassassin 3.1.2 and Postfix
X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on SPAM1
X-Spam-Level: **
X-Spam-Status: No, score=3.0 required=4.9
tests=BAYES_50,EXTRA_MPART_TYPE,
HTML_IMAGE_ONLY_28,HTML_MESSAGE autolearn=no version=3.1.2
Received: from lyonop.com (unknown [196.211.162.65])
Thanks in advance
Robert
Peace he would say instead of goodbye....peace my brother.
Re: Is there any way to score this?
Posted by "Peter H. Lemieux" <ph...@cyways.com>.
Micke Andersson wrote:
> excuse me for my ignorance, but is this really the correct approach
> right now, since it is quite a lot of badly configured DNS servers out
> there. Should this not be handled by the SMTP server as is instead!
> And return an error code of 421 or something like this. Like AOL has
> implemented at their servers, you will be informed as sender about the
> problem, with an URL link to
> http://postmaster.info.aol.com/errors/421dnsnr.html
Whatever opinions you may have about AOL, when they began rejecting mail
without reverse-DNS entries a few years back, AOL's sheer size forced
mail admins to make sure that their servers have both forward and reverse
lookups enabled. Heck, even random cable/DSL hosts usually have reverse
lookups configured, usually something like 123-123-123-123.someisp.com.
Most of the mail I see coming from servers without reverse-resolution is
spam, usually from hosts in places like China.
Moreover, I'd much rather give such messages a relatively high SA score
than reject them at the SMTP level. False positives in the SMTP exchange
cause ill-will with clients and their correspondents.
> Or if one should have this above Rule, me my self would not for the time
> being, have that high of a score,
I give these messages a score of 3.3 with an SA criterion of 4.0; I get
very few false positives.
Peter
Re: Is there any way to score this?
Posted by Micke Andersson <mi...@swemic.net>.
James Lay wrote:
>
>
> -----Original Message-----
> From: Wolfgang Zeikat [mailto:wolfgang.zeikat@desy.de]
> Sent: Friday, October 13, 2006 9:49 AM
> To: users@spamassassin.apache.org
> Subject: Re: Is there any way to score this?
>
>
>
> On 10/13/06 17:34, Wolfgang Zeikat wrote:
>
>> Received =~ /from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+your\.smtp\.server\.desy/
>>
>> Replace "your.smtp.server" by your server's name ...
>>
>
> Oops, and leave out "\.desy" of course ;) And - just to make sure - that's a
> header rule.
>
>
>> Cheers,
>>
>> wolfgang
>>
>>
>
>
> So does:
>
> header UNKNOWN Received =~ /from \S{1,30} \(unknown\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+mail\.slave-tothe-box\.net/
> score UNKNOWN 3
> describe UNKNOWN Unknown hosts
>
> Look about right?
>
> James
>
Hi all,
excuse me for my ignorance, but is this really the correct approach
right now,
since there are quite a lot of badly configured DNS servers out there.
Should this not be handled by the SMTP server as is instead!
And return an error code of 421 or something like this.
Like AOL has implemented at their servers, you will be informed as
sender about the problem,
with a URL link to http://postmaster.info.aol.com/errors/421dnsnr.html
Or if one should have the above rule, I myself would not for the time
being have that high of a score;
check out your legitimate and non-spam incoming mails, you will find
tons of e-mail server IPs that are not registered with a good PTR.
And even further, if this test is done at SMTP server level, there will
not be that much CPU-consuming processing to check if the sender is
an "unknown" sender IP.
/Micke
RE: Is there any way to score this?
Posted by James Lay <jl...@slave-tothe-box.net>.
-----Original Message-----
From: Wolfgang Zeikat [mailto:wolfgang.zeikat@desy.de]
Sent: Friday, October 13, 2006 9:49 AM
To: users@spamassassin.apache.org
Subject: Re: Is there any way to score this?
On 10/13/06 17:34, Wolfgang Zeikat wrote:
> Received =~ /from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+your\.smtp\.server\.desy/
>
> Replace "your.smtp.server" by your server's name ...
Oops, and leave out "\.desy" of course ;) And - just to make sure - that's a
header rule.
>
> Cheers,
>
> wolfgang
>
So does:
header UNKNOWN Received =~ /from \S{1,30} \(unknown\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+mail\.slave-tothe-box\.net/
score UNKNOWN 3
describe UNKNOWN Unknown hosts
Look about right?
James
Re: Is there any way to score this?
Posted by Wolfgang Zeikat <wo...@desy.de>.
On 10/13/06 17:34, Wolfgang Zeikat wrote:
> Received =~ /from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+your\.smtp\.server\.desy/
>
> Replace "your.smtp.server" by your server's name ...
Oops, and leave out "\.desy" of course ;)
And - just to make sure - that's a header rule.
>
> Cheers,
>
> wolfgang
>
Re: Is there any way to score this?
Posted by Wolfgang Zeikat <wo...@desy.de>.
On 10/13/06 17:12, Andreas Pettersson wrote:
> Robert Swan wrote:
>
>> Is there any way to get points added if the sending mail server has no
>> PTR record *(unknown [196.211.162.65])?*
>>
>> I am using Redhat Fedora and Spamassassin 3.1.2 and Postfix
With a postfix mail gateway, I use a local SA rule like:
Received =~ /from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+your\.smtp\.server\.desy/
Replace "your.smtp.server" by your server's name ...
Cheers,
wolfgang
Re: Is there any way to score this?
Posted by Andreas Pettersson <an...@telia.com>.
Robert Swan wrote:
> Is there any way to get points added if the sending mail server has no
> PTR record *(unknown [196.211.162.65])?*
>
> I am using Redhat Fedora and Spamassassin 3.1.2 and Postfix
>
>
I was looking for the same thing some time ago, but I couldn't easily
find a way to do that in SA.
Instead I use the MTA (Exim) to add a header if the PTR is missing, and
then I use SA to check against that header.
Perhaps there are better ways to do it.
--
Andreas
RE: Is there any way to score this?
Posted by "Coffey, Neal" <nc...@langeveld.com>.
Robert Swan wrote:
> Is there any way to get points added if the sending mail
> server has no PTR record (unknown [196.211.162.65])?
> Received: from lyonop.com (unknown [196.211.162.65])
This is totally untested, but:
header LOCAL_INVALID_PTR Received =~ /\(unknown /
This might be more robust:
header LOCAL_INVALID_PTR Received =~ /from \S+ \(unknown /
Again, totally untested, so put them in with a score of 0.01 and watch
them for a while before you rely on either one.
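
Added example, not part of any post in this thread: a small Python harness that runs the patterns posted above over constructed Postfix-style `Received` headers, to show how the rule anchored on `by <your server>` differs from the two loose `\(unknown ` rules, and what happens when the space after `unknown` is left out as in the `UNKNOWN` rule. Assumptions: `mx.example.net` stands in for your own gateway name, Python's `re` stands in for SpamAssassin's Perl regex engine, and all of a message's `Received` headers are tested together.

```python
import re

# Patterns from the thread. "mx\.example\.net" is a placeholder for the
# receiving gateway's own name (assumption, not a value from the thread).
RULES = {
    "anchored": r"from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+mx\.example\.net",
    # Same pattern with no space between "unknown" and "\[".
    "anchored_no_space": r"from \S{1,30} \(unknown\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+mx\.example\.net",
    "loose": r"\(unknown ",
    "loose_from": r"from \S+ \(unknown ",
}

# Constructed Received headers in Postfix layout, newest hop first.
NO_PTR_DIRECT = [
    "from host.example (unknown [192.0.2.10])\n\tby mx.example.net (Postfix) with ESMTP id 0000000001",
]
HAS_PTR = [
    "from mail.example.org (mail.example.org [198.51.100.7])\n\tby mx.example.net (Postfix) with ESMTP id 0000000002",
]
# The connecting relay has a PTR; only an earlier hop inside the sender's
# own network shows up as "unknown".
NO_PTR_UPSTREAM_ONLY = [
    "from relay.example.org (relay.example.org [198.51.100.7])\n\tby mx.example.net (Postfix) with ESMTP id 0000000003",
    "from desktop (unknown [10.0.0.5])\n\tby relay.example.org (Postfix) with ESMTP id 0000000004",
]


def fired(received_headers):
    """Return the names of the rules that match this message's Received headers."""
    # Assumption: the rule sees every Received header of the message,
    # modelled here by joining them with newlines.
    text = "\n".join(received_headers)
    return {name for name, pattern in RULES.items() if re.search(pattern, text)}


if __name__ == "__main__":
    samples = [
        ("no PTR, direct", NO_PTR_DIRECT),
        ("has PTR", HAS_PTR),
        ("no PTR, upstream only", NO_PTR_UPSTREAM_ONLY),
    ]
    for label, headers in samples:
        print(f"{label:22} -> {sorted(fired(headers))}")
```

On the third sample only the loose rules fire, because the `unknown` hop was recorded by the sender's relay rather than by the receiving gateway.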