[CLUE-Tech] bad trick

Randy Arabie randy at arabie.org
Tue Jul 1 07:45:02 MDT 2003 

> I have a problem - I have an extensive "ban list" on my server 
> to help combat spam.  What I mean is, I religously 
> update /etc/mail/access with lines like this:
> 
> checkyourinbox.com REJECT
> 
> I after I edit that file, besides just 
> running /etc/rc.d/init.d/sendmail 
> restart, I run through these steps in /etc/mail:
> 
> make clean
> make all
> newaliases
> /etc/rc.d/init.d/sendmail restart
> 
> I have had that checkyourinbox.com line in there for weeks now - yet 
> everyday, I get annoying emails from them. I have included the 
> headers below from my latest:
> 
> Return-Path: <bounce-insidersavings-
> 64791891 at mail15.checkyourinbox.com>
> Received: from mail15.checkyourinbox.com ([146.82.96.236])
> 	by fimble.com (8.12.8/8.12.8) with SMTP id h612DN5l014529
> 	for <STAVER at FIMBLE.COM>; Mon, 30 Jun 2003 20:13:24 -0600
> Message-Id: <200307010213.h612DN5l014529 at fimble.com>
> From: "Holly Jensen" <leave-insidersavings-
> 64791891X at mail15.checkyourinbox.com>
> To: STAVER at FIMBLE.COM
> Subject: The Harry Potter Book Club
> Date: Mon, 30 Jun 2003 21:31:25 -0600
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=="
> List-Unsubscribe: <mailto:leave-insidersavings-
> 64791891X at mail15.checkyourinbox.com>
> Reply-To: leave-insidersavings-64791891X at mail15.checkyourinbox.com
> X-Spam-Status: No, hits=2.4 required=4.5
> 	tests=CLICK_BELOW,HTML_50_60,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
> 	      MSG_ID_ADDED_BY_MTA_3,RISK_FREE
> 	version=2.55
> X-Spam-Level: **
> X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
> 
> This is a multi-part message in MIME format.
> 
> --==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: 8bit
> 
> So, I'm confused as to how this email keeps getting by - I have them 
> rejected at the mailserver level.  So, I don't know if they are
> spoofing something, because I don't get how it could get through.
> Since my 
> sendmail config isn't blocking it - does anybody know how
> to "blacklist" a domain in spamassassin? 

> I have made spamassassin "learn" that emails 
> like this one are spam, and I have sendmail reject them - but I still 
> get a few a day from these bastards, and I don't know what else to do 
> about it...

First, may I ask why you aren't interested in learning more about the 
The Harry Potter Book Club :_)  I hear everyone is reading it.  My wife 
breezed through all 800+ pages in 48hrs!

Back on topic, here's what I have in my ~/.spamassassin/user_prefs :

# Whitelist and blacklist addresses are now file-glob-style patterns,
# so "friend at somewhere.com", "*@isp.com", or "*.domain.net" will all
# work.
# whitelist_from        someone at somewhere.com
whitelist_from          *@clue.denver.co.us
whitelist_from          *@lists.debian.org
whitelist_from          *@lug.boulder.co.us
whitelist_from          *@netbsd.org
whitelist_from          *@cato.org
whitelist_from          *@cisco.com

blacklist_from          *@ticketmaster.com

-- 
Allons Rouler!

Randy
http://www.arabie.org/

More information about the clue-tech mailing list