[GLLUG] REMINDER - Sept. 11, 2003 Meeting

Rich Clark rrclark at rrclark.net
Sat Sep 13 19:42:33 EDT 2003 

On Thu, 11 Sep 2003, Edward Glowacki wrote:

> I noticed that a lot more of my email is being flagged as SPAM lately
> (from SpamAssassin), and now it appears that the GLLUG meeting reminder
> has joined the list.  Looks like it's because of the mail coming from a
> confirmed open relay (idealso.com).  Just thought I'd pass the word
> along so the relay can be shut of (unless it's intentionally open, and I
> hope that's not the case... =) ).

There's a rather simple reason for your troubles.  I'll analyze your 
spamassassin config as indicated by the message, and also indicate the 
truth behind any other problems with the reporting that spamassassin tacks 
onto the headers.

> Here's the full message:

Usually when posting a full message, it's best to include all the headers.  
However, since spamassassin includes lots of details in it's analysis, we 
won't need them specifically here.

> -----Forwarded Message-----
> From: GLLUG.org Calendar Notification <gllug at gllug.org>
> To: linux-user at egr.msu.edu
> Subject: [GLLUG] REMINDER - Sept. 11, 2003 Meeting
> Date: 11 Sep 2003 00:05:01 -0400
>
> This mail is probably spam.  The original message has been attached
> along with this report, so you can recognize or block similar unwanted
> mail in future.  See http://spamassassin.org/tag/ for more details.
> 
> Content preview:  This is an automated reminder from the GLLUG.org
>   calendar for the following event: TITLE: Sept. 11, 2003 Meeting
>   DESCRIPTION: To be held at Jeff Lawton's house in Dewitt. [...] 
> 
> Content analysis details:   (5.30 points, 5 required)
> RCVD_IN_RFCI       (1.8 points)  RBL: Received via a relay in ipwhois.rfc-ignorant.org
>                    [RBL check: found 84.250.122.216.ipwhois.rfc-ignorant.org., type: 127.0.0.6]

It appears that the whois information for the IP address 216.122.250.84 is 
incorrect.  Whois points to interland.com as the responsible party, when 
in actuality, interland.com should have swipped that space directly to 
lightrealm.com.  You could edit your spamassassin config files to 
whitelist the incoming addresses so it will bypass the checks for this and 
your listmail will not be tagged as spam-positive.  Another thing to do is 
to contact lightrealm and let them know about the listing and encourage 
them to correct the reason why their listed.

> RCVD_IN_OSIRUSOFT_COM (0.6 points)  RBL: Received via a relay in relays.osirusoft.com
>                    [RBL check: found 75.219.224.64.relays.osirusoft.com.]
> X_OSIRU_OPEN_RELAY (2.9 points)  RBL: DNSBL: sender is Confirmed Open Relay

You should go through your spamassassin config and remove any reference 
whatsoever to osirusoft.com's lists.  Joe Jared, the fellow who provided 
this wonderful, free resource has had to close up his blocklists, and to 
encourage the people using the list, he has made an entry in the list so 
that any address queried would produce a 127.0.0.2 positive result.  
IOW, he's blocklisted the entire Internet in an effort to get them to stop 
using his lists.  Continuing to use his lists in your spamassassin or 
mailserver configuration will cause you to lose *lots* of wanted mail.

HTH, HAND,

Rich
-- 
"...[Microsoft's] obsession with Linux is deeply unhealthy. If we
were talking about a person, successful and perfectly normal apart 
from a compulsion to prove they're better than another, particular, 
person then we'd regard it as a case for analysis, right? If you're 
that secure in your success then you're confident, cool about rivals, 
you don't go on about them like that. Basically, this Linux stuff 
shows that Microsoft is going corporately nuts." 
   - John Lettice, The Register, 9/10/2003
TINLC Unit #2309        Death to all spammer accounts.      WWSB?

More information about the linux-user mailing list