[users] Mail from list detected as Spam
dries at ulyssis.org
Fri Jan 26 13:28:35 CET 2007
On Thursday January 25 2007 8:59 pm, Dag Wieers wrote:
> On Wed, 24 Jan 2007, Alan Hodgson wrote:
> > On Wednesday 24 January 2007 11:47, Dag Wieers <dag at wieers.com> wrote:
> > > You base your logic that a reverse name lookup with 'adsl' in the
> > > name is SPAM. I am telling you that this generalisation of the
> > > definition SPAM is wrong. The example is this list.
> > No one is saying the mail is spam.
> Actually, it was the sole characteristic for tagging it spam if I read his
> mail correctly.
> I don't mind if you take it as part of the calculations (one of the many
> characteristics). Bug if you don't then I think the problem is the
> configuration and you'll need to live with the consequences really.
> The mails from the mailinglist get a -2.5 rating on my spamassassin. And
> that's well below what is required for spam.
> > If you look exactly like a bot, you're a lot more likely to be mistaken
> > for one. Fixing your reverse DNS is one good way to differentiate
> > yourself from a bot and will prevent some mail delivery problems.
> We don't look exactly like the bot, bots look exactly like us. And since
> it was borught up only once since the existence of the mailinglist and
> because he customized his spamassassin configuration in order to get this
> behaviour. He gets exactly what he aimed for :)
> Again, if Dries can fix that (not use adsl in the reverse), I'm sure he
> will fix that. Until then you're stuck with custom configuration. And no
> RFC can help you.
> BTW There is no RFC that says mail cannot be delivered from a reverse DNS
> that has the string 'adsl' in it. And I bet there never will be one :)
I've sent a mail to easynet support and they've changed the reverse dns. It
doesn't contain 'adsl' anymore. Everyone happy now? :-) There's a
propagation time of maximum 24 hours.
[root at pooch ~]# telnet 220.127.116.11 smtp
Connected to 18.104.22.168.
Escape character is '^]'.
220 pooch.vmhosting.org ESMTP Postfix
Connection closed by foreign host.
[root at pooch ~]# nslookup 22.214.171.124 dns0.easynet.be
241.131.193.213.in-addr.arpa name = pooch.vmhosting.org.
The reverse ip is now the same as the name used by postfix. This should be ok
for Botnet i guess?
I've read the botnet announcement at
and the config file of the latest Botnet at
http://people.ucsc.edu/~jrudd/spamassassin/ . I might be wrong but it looks
to me that this way of spam catching will create a lot of false positives,
no? With the current rules, the config file already needs a whitelist for for
More information about the users