[GLLUG] REMINDER - Sept. 11, 2003 Meeting
Rich Clark
rrclark at rrclark.net
Sat Sep 13 19:42:33 EDT 2003
On Thu, 11 Sep 2003, Edward Glowacki wrote:
> I noticed that a lot more of my email is being flagged as SPAM lately
> (from SpamAssassin), and now it appears that the GLLUG meeting reminder
> has joined the list. Looks like it's because of the mail coming from a
> confirmed open relay (idealso.com). Just thought I'd pass the word
> along so the relay can be shut of (unless it's intentionally open, and I
> hope that's not the case... =) ).
There's a rather simple reason for your troubles. I'll analyze your
spamassassin config as indicated by the message, and also indicate the
truth behind any other problems with the reporting that spamassassin tacks
onto the headers.
> Here's the full message:
Usually when posting a full message, it's best to include all the headers.
However, since spamassassin includes lots of details in it's analysis, we
won't need them specifically here.
> -----Forwarded Message-----
> From: GLLUG.org Calendar Notification <gllug at gllug.org>
> To: linux-user at egr.msu.edu
> Subject: [GLLUG] REMINDER - Sept. 11, 2003 Meeting
> Date: 11 Sep 2003 00:05:01 -0400
>
> This mail is probably spam. The original message has been attached
> along with this report, so you can recognize or block similar unwanted
> mail in future. See http://spamassassin.org/tag/ for more details.
>
> Content preview: This is an automated reminder from the GLLUG.org
> calendar for the following event: TITLE: Sept. 11, 2003 Meeting
> DESCRIPTION: To be held at Jeff Lawton's house in Dewitt. [...]
>
> Content analysis details: (5.30 points, 5 required)
> RCVD_IN_RFCI (1.8 points) RBL: Received via a relay in ipwhois.rfc-ignorant.org
> [RBL check: found 84.250.122.216.ipwhois.rfc-ignorant.org., type: 127.0.0.6]
It appears that the whois information for the IP address 216.122.250.84 is
incorrect. Whois points to interland.com as the responsible party, when
in actuality, interland.com should have swipped that space directly to
lightrealm.com. You could edit your spamassassin config files to
whitelist the incoming addresses so it will bypass the checks for this and
your listmail will not be tagged as spam-positive. Another thing to do is
to contact lightrealm and let them know about the listing and encourage
them to correct the reason why their listed.
> RCVD_IN_OSIRUSOFT_COM (0.6 points) RBL: Received via a relay in relays.osirusoft.com
> [RBL check: found 75.219.224.64.relays.osirusoft.com.]
> X_OSIRU_OPEN_RELAY (2.9 points) RBL: DNSBL: sender is Confirmed Open Relay
You should go through your spamassassin config and remove any reference
whatsoever to osirusoft.com's lists. Joe Jared, the fellow who provided
this wonderful, free resource has had to close up his blocklists, and to
encourage the people using the list, he has made an entry in the list so
that any address queried would produce a 127.0.0.2 positive result.
IOW, he's blocklisted the entire Internet in an effort to get them to stop
using his lists. Continuing to use his lists in your spamassassin or
mailserver configuration will cause you to lose *lots* of wanted mail.
HTH, HAND,
Rich
--
"...[Microsoft's] obsession with Linux is deeply unhealthy. If we
were talking about a person, successful and perfectly normal apart
from a compulsion to prove they're better than another, particular,
person then we'd regard it as a case for analysis, right? If you're
that secure in your success then you're confident, cool about rivals,
you don't go on about them like that. Basically, this Linux stuff
shows that Microsoft is going corporately nuts."
- John Lettice, The Register, 9/10/2003
TINLC Unit #2309 Death to all spammer accounts. WWSB?
More information about the linux-user
mailing list