You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Spamassassin List <sp...@gmail.com> on 2008/04/21 04:10:09 UTC
flooded with undetected spam
Hi,
My inbox is flooded by some new spams. Any idea how do I block it?
http://202.42.86.77/1.eml
http://202.42.86.77/2.eml
Best regards
Re: flooded with undetected spam
Posted by Evan Platt <ev...@espphotography.com>.
1.eml hits a 12.7 on my system:
---- ----------------------
--------------------------------------------------
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?201.233.220.168>]
3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[201.233.220.168 listed in
sbl-xbl.spamhaus.org]
2.6 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS
records
0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[201.233.220.168 listed in zen.spamhaus.org]
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=201.233.220.168,maildomain=crochan.com,nordns]
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 RDNS_NONE Delivered to trusted network by a host with
no rDNS
2.eml hits a 9.9
Content analysis details: (9.9 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[201.229.148.211 listed in dnsbl.sorbs.net]
0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[201.229.148.211 listed in zen.spamhaus.org]
0.7 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=201.229.148.211,hostname=tdev148-211.codetel.net.do,maildomain=smogexpressbelmont.com,baddns,client,ipinhostname]
0.0 HTML_MESSAGE BODY: HTML included in message
1.6 HTML_FONT_SIZE_LARGE BODY: HTML font size is large
0.1 RDNS_NONE Delivered to trusted network by a host with
no rDNS
Spamassassin List wrote:
> Hi,
>
> My inbox is flooded by some new spams. Any idea how do I block it?
>
> http://202.42.86.77/1.eml
> http://202.42.86.77/2.eml
>
> Best regards
>
>
>
>
Re: flooded with undetected spam
Posted by Benny Pedersen <me...@junc.org>.
On Mon, April 21, 2008 23:13, mouss wrote:
> Received: from unknown (HELO tdev148-211.codetel.net.do) (201.229.148.211)
> by 0 with SMTP; 20 Apr 2008 16:27:31 -0000
>
> is this a new MTA?
in that case none want to use it :-)
but the body olso have fuzzy dot tld that are listed in surbl and uribl, maybe
spammer need to get some fresh air to be smart :-)
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: flooded with undetected spam
Posted by mouss <mo...@netoyen.net>.
Benny Pedersen wrote:
> On Mon, April 21, 2008 04:10, Spamassassin List wrote:
>
>> My inbox is flooded by some new spams. Any idea how do I block it?
>> http://202.42.86.77/1.eml
>> http://202.42.86.77/2.eml
>>
>
> both hits on spamhaus
>
>
but the question I would have is what is the '0' in
Received: from unknown (HELO tdev148-211.codetel.net.do) (201.229.148.211)
by 0 with SMTP; 20 Apr 2008 16:27:31 -0000
is this a new MTA?
Re: flooded with undetected spam
Posted by Benny Pedersen <me...@junc.org>.
On Mon, April 21, 2008 04:10, Spamassassin List wrote:
> My inbox is flooded by some new spams. Any idea how do I block it?
> http://202.42.86.77/1.eml
> http://202.42.86.77/2.eml
both hits on spamhaus
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098