Posted to dev@spamassassin.apache.org by Matthias Leisi <ma...@leisi.net> on 2008/01/25 10:39:15 UTC

RuleQA - dnswl.org rules

Hi,

I went through the RuleQA looking for potential issues with dnswl.org
data, and I found some candidates here:

http://ruleqa.spamassassin.org/20080124-r614819-n/RCVD_IN_DNSWL_MED?mclog=spam-bb-jm
http://ruleqa.spamassassin.org/20080124-r614819-n/RCVD_IN_DNSWL_MED?mclog=spam-theo
http://ruleqa.spamassassin.org/20080124-r614819-n/RCVD_IN_DNSWL_MED?mclog=spam-dos

Could you please have a short look whether these are really spams, and
whether they came through a dnswl.org-listed relay?

Thanks a lot,
-- Matthias, for dnswl.org


Re: RuleQA - dnswl.org rules

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Matthias Leisi wrote:
> http://ruleqa.spamassassin.org/20080124-r614819-n/RCVD_IN_DNSWL_MED?mclog=spam-dos
> 
> Could you please have a short look whether these are really spams, and
> whether they came through a dnswl.org-listed relay?

1 drug spam from host.metlife.com [216.163.254.4]

1 lotto spam from mailhub2.dartmouth.edu [129.170.17.107]
 - hijacked webmail account

The rest are back scatter.

Daryl


Re: RuleQA - dnswl.org rules

Posted by Theo Van Dinter <fe...@apache.org>.
On Fri, Jan 25, 2008 at 10:28:28AM +0000, Justin Mason wrote:
> yep, a spam; a phish, specifically, coming via:
[...]
> Received hdrs look like that's a botnet-infected machine.

Ditto.

        * -0.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
        *      medium trust
        *      [65.118.208.21 listed in list.dnswl.org]

-- 
Randomly Selected Tagline:
"Euler's Identity ...  the Sine/Cosine thing..."   - Instructor Dean