Posted to users@spamassassin.apache.org by Jeremy Morton <ad...@game-point.net> on 2009/06/25 17:10:40 UTC

Apache.org spam??

I recently got this spam that made its way thru SpamAssassin:

http://pastebin.ca/1474274

Looks like it was received from mail.apache.org which is in the 
DNSWL.org DB, unsurprisingly.  Why would mail.apache.org send out this 
obvious spam?

Best regards,
Jeremy Morton (Jez)

Re: Apache.org spam??

Posted by Benny Pedersen <me...@junc.org>.
On Thu, June 25, 2009 17:10, Jeremy Morton wrote:
> Looks like it was received from mail.apache.org which is in the
> DNSWL.org DB, unsurprisingly.  Why would mail.apache.org send out this
> obvious spam?

blame mozilla thunderbird for the resent headers, the problem is that one user released something in their quarantine and spammed
forged headers

-- 
xpoint


Re: Apache.org spam??

Posted by Benny Pedersen <me...@junc.org>.
On Thu, June 25, 2009 19:48, John Hardin wrote:
> I point out that I've had legitimate reason in the past to resend messages
> to the SA list.

test my rules better, will it hit a resend from you ? :)

well repost is not a resend, so it might still not hit

-- 
xpoint


Re: Apache.org spam??

Posted by John Hardin <jh...@impsec.org>.
On Thu, 25 Jun 2009, SM wrote:

> At 09:13 25-06-2009, Benny Pedersen wrote:
>> something as this on apache.org:
>> 
>> header __RESENT1 exists:Resent-From
>> header __RESENT2 exists:Resent-To
>> header __RESENT3 exists:Resent-Date
>> header __RESENT4 exists:Resent-Message-Id
>> 
>> meta NO_RESENT_MAIL (__RESENT1 && __RESENT2 && __RESENT3 && __RESENT4)
>> describe NO_RESENT_MAIL Meta: please dont resend mail to maillists
>> score NO_RESENT_MAIL 3.0
>> 
>> if i cant fix others problems but imho apache.org need the above :)
>
> Nice.  The above rules cannot be applied for all apache.org traffic as it's 
> not only for mailing lists.

I point out that I've had legitimate reason in the past to resend messages 
to the SA list.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Phobias should not be the basis for laws.
-----------------------------------------------------------------------
  9 days until the 233rd anniversary of the Declaration of Independence

Re: Apache.org spam??

Posted by SM <sm...@resistor.net>.
At 09:13 25-06-2009, Benny Pedersen wrote:
>something as this on apache.org:
>
>header __RESENT1 exists:Resent-From
>header __RESENT2 exists:Resent-To
>header __RESENT3 exists:Resent-Date
>header __RESENT4 exists:Resent-Message-Id
>
>meta NO_RESENT_MAIL (__RESENT1 && __RESENT2 && __RESENT3 && __RESENT4)
>describe NO_RESENT_MAIL Meta: please dont resend mail to maillists
>score NO_RESENT_MAIL 3.0
>
>if i cant fix others problems but imho apache.org need the above :)

Nice.  The above rules cannot be applied for all apache.org traffic 
as it's not only for mailing lists.

Regards,
-sm 


Re: Apache.org spam??

Posted by Benny Pedersen <me...@junc.org>.
On Thu, June 25, 2009 17:56, SM wrote:

> What rules would you recommend to catch it?

something as this on apache.org:

header __RESENT1 exists:Resent-From
header __RESENT2 exists:Resent-To
header __RESENT3 exists:Resent-Date
header __RESENT4 exists:Resent-Message-Id

meta NO_RESENT_MAIL (__RESENT1 && __RESENT2 && __RESENT3 && __RESENT4)
describe NO_RESENT_MAIL Meta: please dont resend mail to maillists
score NO_RESENT_MAIL 3.0

if i cant fix others problems but imho apache.org need the above :)

-- 
xpoint
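
An added example, not part of the original post and not SpamAssassin code: a Python sketch that evaluates the logic of the NO_RESENT_MAIL meta rule above against constructed messages, to show which mail it would score. The `require_list_id` option and all example.org addresses are assumptions introduced here; the option restricts the check to mail carrying a List-Id header.

```python
from email import message_from_string

# Header names tested by the four sub-rules (__RESENT1..4) in the post.
RESENT_HEADERS = ("Resent-From", "Resent-To", "Resent-Date", "Resent-Message-Id")
SCORE = 3.0  # score NO_RESENT_MAIL 3.0

def no_resent_mail(raw, require_list_id=False):
    """Return the score the meta rule would add to this message (0.0 if no hit).

    require_list_id is an assumption, not in the posted rule: it limits the
    rule to mail that carries a List-Id header, i.e. list traffic only.
    """
    msg = message_from_string(raw)
    # 'exists:' is true when the header is present, whatever its value.
    hit = all(msg[h] is not None for h in RESENT_HEADERS)
    if require_list_id and msg["List-Id"] is None:
        hit = False
    return SCORE if hit else 0.0

# Constructed sample messages (example.org addresses, not from the thread).
PLAIN = (
    "From: alice@example.org\n"
    "To: users@lists.example.org\n"
    "List-Id: <users.lists.example.org>\n"
    "Subject: rule question\n\nbody\n"
)
RESENT = (
    "Resent-From: bob@example.org\n"
    "Resent-To: users@lists.example.org\n"
    "Resent-Date: Thu, 25 Jun 2009 15:10:40 +0000\n"
    "Resent-Message-Id: <r1@example.org>\n" + PLAIN
)
# Only some Resent-* headers present: the && meta does not fire.
PARTIAL = "Resent-From: bob@example.org\n" + PLAIN
# Resent mail that is not list traffic (no List-Id header).
DIRECT = RESENT.replace("List-Id: <users.lists.example.org>\n", "")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("resent", RESENT),
                      ("partial", PARTIAL), ("direct", DIRECT)]:
        print(name, no_resent_mail(raw), no_resent_mail(raw, True))
```

The check is header presence only, so any message with all four Resent-* headers scores the same regardless of who resent it or why.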





Re: Apache.org spam??

Posted by SM <sm...@resistor.net>.
At 08:10 25-06-2009, Jeremy Morton wrote:
>I recently got this spam that made its way thru SpamAssassin:

[non-persistent information snipped]

>Looks like it was received from mail.apache.org which is in the 
>DNSWL.org DB, unsurprisingly.  Why would mail.apache.org send out 
>this obvious spam?

The message was sent by a mailing list subscriber to a list which 
generally discusses spam.  It scored 4.0 on Apache.org.

Why is the message obvious spam?  What rules would you recommend to catch it?

Regards,
-sm 


Re: Apache.org spam??

Posted by Benny Pedersen <me...@junc.org>.
On Thu, June 25, 2009 17:20, Jeremy Morton wrote:
> I guess that was sent to the spamassassin.apache.org list and the list
> was BCC'd so it didn't get put into my list folder.  Ah well.

with sieve:

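# fileinto is an extension and must be declared before use
require ["fileinto"];

# file list mail by its List-Id header, then stop processing
if header :contains "List-Id" "users.spamassassin.apache.org"
{
    fileinto "maillists.spamassassin";
    stop;
}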

-- 
xpoint


Re: Apache.org spam??

Posted by Jeremy Morton <ad...@game-point.net>.
To reply to myself....

I guess that was sent to the spamassassin.apache.org list and the list 
was BCC'd so it didn't get put into my list folder.  Ah well.

Best regards,
Jeremy Morton (Jez)

Jeremy Morton wrote:
> I recently got this spam that made its way thru SpamAssassin:
>
> http://pastebin.ca/1474274
>
> Looks like it was received from mail.apache.org which is in the
> DNSWL.org DB, unsurprisingly. Why would mail.apache.org send out this
> obvious spam?
>
> Best regards,
> Jeremy Morton (Jez)
>