[BlueOnyx:04045] Re: AVSPAM PBL List

Michael Stauber mstauber at blueonyx.it
Thu Mar 18 05:33:21 -05 2010 

Hi Steffan,


> Here the score of one email
> 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
>
>                             [86.87.82.xxx listed in zen.spamhaus.org]
>
> As i can see all score has top do with spamhaus
> The person has a big dsl provider here in holland
> http://www.spamhaus.org/pbl/query/PBL178674

Yeah, like I suspected. Spamhaus blacklisted the entire 86.80.0.0/12 of KPN, 
too, just like they did with a fair bunch of German ISPs. Their grief is that 
they think these IPSs do too little to counter SPAM originating from within 
their networks and that's of course mostly true.

That score there gives the most points, hence it's the most critical here. You 
should do what I suggested in the earlier messages and should disable the RBL 
checks for now.

OTOH: With Spamhaus on a war footage such as this it may in the short term 
probably be more adviseable to either lower the score that a Spamhaus hit 
generates, or to drop Spamhaus altogether. I'll probably publish a 
SpamAssassin rule update tonight with a lowered score for that ruleset.

Lets go through the other rules:

> 0.0 HTML_MESSAGE           BODY: HTML included in message

This is simply an informational score of 0.0. That rule is present to make 
some additional judgements about the message, but other than that it has no 
impact.

> 1.3 RDNS_NONE              Delivered to internal network by a host with no
> rDNS

Sending mailserver has no reverse DNS. Which it *should* have. 

> 0.0 HELO_NO_DOMAIN         Relay reports its domain incorrectly

Another 0 score rule. Used for additional weighting in some rules.

> 1.4 DOS_OUTLOOK_TO_MX      Delivered direct to MX with Outlook headers

A lot of SPAM senders use forged Outlook headers, hence a small score is 
assinged here for that reason.

> 1.0 SAGREY                 Adds 1.0 to spam from first-time senders

First time you received an email from that sender, so a general base score of 
1.0 is assigned once.

All in all: If the sender weren't listed in Spamhaus, the mail would have 
passed.with a score of 3.7, which is below the usual SPAM treshold.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list