[users] Mail from list detected as Spam

Dries Verachtert dries at ulyssis.org
Fri Jan 26 13:28:35 CET 2007


On Thursday January 25 2007 8:59 pm, Dag Wieers wrote:
> On Wed, 24 Jan 2007, Alan Hodgson wrote:
> > On Wednesday 24 January 2007 11:47, Dag Wieers <dag at wieers.com> wrote:
> > > You base your logic that a reverse name lookup with 'adsl' in the
> > > name is SPAM. I am telling you that this generalisation of the
> > > definition SPAM is wrong. The example is this list.
> >
> > No one is saying the mail is spam.
>
> Actually, it was the sole characteristic for tagging it spam if I read his
> mail correctly.
>
> I don't mind if you take it as part of the calculations (one of the many
> characteristics). But if you don't then I think the problem is the
> configuration and you'll need to live with the consequences really.
>
> The mails from the mailinglist get a -2.5 rating on my spamassassin. And
> that's well below what is required for spam.
>
> > If you look exactly like a bot, you're a lot more likely to be mistaken
> > for one.  Fixing your reverse DNS is one good way to differentiate
> > yourself from a bot and will prevent some mail delivery problems.
>
> We don't look exactly like the bot, bots look exactly like us. And since
> it was brought up only once since the existence of the mailinglist and
> because he customized his spamassassin configuration in order to get this
> behaviour. He gets exactly what he aimed for :)
>
> Again, if Dries can fix that (not use adsl in the reverse), I'm sure he
> will fix that. Until then you're stuck with custom configuration. And no
> RFC can help you.
>
> BTW There is no RFC that says mail cannot be delivered from a reverse DNS
> that has the string 'adsl' in it. And I bet there never will be one :)

I've sent a mail to easynet support and they've changed the reverse DNS. It 
doesn't contain 'adsl' anymore. Everyone happy now? :-)  There's a 
propagation time of maximum 24 hours.

[root@pooch ~]# telnet 213.193.131.241 smtp
Trying 213.193.131.241...
Connected to 213.193.131.241.
Escape character is '^]'.
220 pooch.vmhosting.org ESMTP Postfix
QUIT
221 Bye
Connection closed by foreign host.
[root@pooch ~]# nslookup 213.193.131.241 dns0.easynet.be
Server:         dns0.easynet.be
Address:        212.100.160.53#53

241.131.193.213.in-addr.arpa    name = pooch.vmhosting.org.

The reverse ip is now the same as the name used by postfix. This should be ok 
for Botnet I guess?

I've read the botnet announcement at 
http://lists.mailscanner.info/pipermail/mailscanner/2006-December/068369.html 
and the config file of the latest Botnet at 
http://people.ucsc.edu/~jrudd/spamassassin/ . I might be wrong but it looks 
to me that this way of spam catching will create a lot of false positives, 
no? With the current rules, the config file already needs a whitelist for, for 
example, amazon.com.

kind regards,
Dries
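
The checks discussed in this message (a client-style keyword such as 'adsl' in the reverse name, and the reverse name matching the name in the SMTP greeting), as an added example that is not part of the original post and is not the Botnet plugin's code. The keyword list, the function names and the two 'adsl' sample names are assumptions constructed for illustration; findings are returned separately so that a keyword hit alone is visible as a single characteristic.

```python
import re

# Assumed keyword list for illustration; not the Botnet plugin's rule set.
CLIENT_WORDS = re.compile(
    r"(?:^|[.\-_\d])(adsl|dsl|dial|dynamic|dhcp|ppp|cable)(?=[.\-_\d]|$)", re.I)

def banner_host(greeting):
    """Host name announced in an SMTP 220 greeting line."""
    parts = greeting[4:].split()
    if not greeting.startswith("220") or not parts:
        raise ValueError("not a usable 220 greeting: %r" % greeting)
    return parts[0].rstrip(".").lower()

def ip_in_name(ip, name):
    """True if the four octets of ip appear in name, in either order."""
    octets = ip.split(".")
    nums = [n.lstrip("0") or "0" for n in re.findall(r"\d+", name)]
    return any(nums[i:i + 4] in (octets, octets[::-1])
               for i in range(len(nums) - 3))

def rdns_findings(ip, ptr, greeting):
    """List every characteristic that fires; an empty list means none did."""
    if not ptr:
        return ["no_ptr"]
    name = ptr.rstrip(".").lower()
    findings = []
    if CLIENT_WORDS.search(name):
        findings.append("client_word")
    if ip_in_name(ip, name):
        findings.append("ip_in_ptr")
    if name != banner_host(greeting):
        findings.append("banner_mismatch")
    return findings

GREETING = "220 pooch.vmhosting.org ESMTP Postfix"   # from the session above
SAMPLES = [
    # (ip, PTR answer, greeting); the 'adsl' names are constructed examples
    ("213.193.131.241", "pooch.vmhosting.org.", GREETING),
    ("213.193.131.241", "adsl-213-193-131-241.example.net.", GREETING),
    ("192.0.2.25", "mail.adsl.example.org.", "220 mail.adsl.example.org ESMTP"),
    ("192.0.2.26", None, GREETING),
]

if __name__ == "__main__":
    for ip, ptr, greeting in SAMPLES:
        result = rdns_findings(ip, ptr, greeting)
        print(ip, ptr or "(no PTR)", "->", ", ".join(result) or "no findings")
```

The third sample is a host whose reverse name matches its greeting and embeds no IP address, yet it still trips the keyword check, which is the false-positive case the thread is arguing about.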



