You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Matthias Leisi <ma...@leisi.net> on 2008/01/25 10:39:15 UTC
RuleQA - dnswl.org rules
Hi,
I went through the RuleQA looking for potential issues with dnswl.org
data, and I found some candidates here:
http://ruleqa.spamassassin.org/20080124-r614819-n/RCVD_IN_DNSWL_MED?mclog=spam-bb-jm
http://ruleqa.spamassassin.org/20080124-r614819-n/RCVD_IN_DNSWL_MED?mclog=spam-theo
http://ruleqa.spamassassin.org/20080124-r614819-n/RCVD_IN_DNSWL_MED?mclog=spam-dos
Could you please have a short look whether these are really spams, and
whether they came through a dnswl.org-listed relay?
Thanks a lot,
-- Matthias, for dnswl.org
Re: RuleQA - dnswl.org rules
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Matthias Leisi wrote:
> http://ruleqa.spamassassin.org/20080124-r614819-n/RCVD_IN_DNSWL_MED?mclog=spam-dos
>
> Could you please have a short look whether these are really spams, and
> whether they came through a dnswl.org-listed relay?
1 drug spam from host.metlife.com [216.163.254.4]
1 lotto spam from mailhub2.dartmouth.edu [129.170.17.107]
- hijacked webmail account
The rest are back scatter.
Daryl
Re: RuleQA - dnswl.org rules
Posted by Theo Van Dinter <fe...@apache.org>.
On Fri, Jan 25, 2008 at 10:28:28AM +0000, Justin Mason wrote:
> yep, a spam; a phish, specifically, coming via:
[...]
> Received hdrs look like that's a botnet-infected machine.
Ditto.
* -0.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
* medium trust
* [65.118.208.21 listed in list.dnswl.org]
--
Randomly Selected Tagline:
"Euler's Identity ... the Sine/Cosine thing..." - Instructor Dean