[CLUE-Tech] bad trick
Randy Arabie
randy at arabie.org
Tue Jul 1 07:45:02 MDT 2003
> I have a problem - I have an extensive "ban list" on my server
> to help combat spam. What I mean is, I religously
> update /etc/mail/access with lines like this:
>
> checkyourinbox.com REJECT
>
> I after I edit that file, besides just
> running /etc/rc.d/init.d/sendmail
> restart, I run through these steps in /etc/mail:
>
> make clean
> make all
> newaliases
> /etc/rc.d/init.d/sendmail restart
>
> I have had that checkyourinbox.com line in there for weeks now - yet
> everyday, I get annoying emails from them. I have included the
> headers below from my latest:
>
> Return-Path: <bounce-insidersavings-
> 64791891 at mail15.checkyourinbox.com>
> Received: from mail15.checkyourinbox.com ([146.82.96.236])
> by fimble.com (8.12.8/8.12.8) with SMTP id h612DN5l014529
> for <STAVER at FIMBLE.COM>; Mon, 30 Jun 2003 20:13:24 -0600
> Message-Id: <200307010213.h612DN5l014529 at fimble.com>
> From: "Holly Jensen" <leave-insidersavings-
> 64791891X at mail15.checkyourinbox.com>
> To: STAVER at FIMBLE.COM
> Subject: The Harry Potter Book Club
> Date: Mon, 30 Jun 2003 21:31:25 -0600
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=="
> List-Unsubscribe: <mailto:leave-insidersavings-
> 64791891X at mail15.checkyourinbox.com>
> Reply-To: leave-insidersavings-64791891X at mail15.checkyourinbox.com
> X-Spam-Status: No, hits=2.4 required=4.5
> tests=CLICK_BELOW,HTML_50_60,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
> MSG_ID_ADDED_BY_MTA_3,RISK_FREE
> version=2.55
> X-Spam-Level: **
> X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
>
> This is a multi-part message in MIME format.
>
> --==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: 8bit
>
> So, I'm confused as to how this email keeps getting by - I have them
> rejected at the mailserver level. So, I don't know if they are
> spoofing something, because I don't get how it could get through.
> Since my
> sendmail config isn't blocking it - does anybody know how
> to "blacklist" a domain in spamassassin?
> I have made spamassassin "learn" that emails
> like this one are spam, and I have sendmail reject them - but I still
> get a few a day from these bastards, and I don't know what else to do
> about it...
First, may I ask why you aren't interested in learning more about the
The Harry Potter Book Club :_) I hear everyone is reading it. My wife
breezed through all 800+ pages in 48hrs!
Back on topic, here's what I have in my ~/.spamassassin/user_prefs :
# Whitelist and blacklist addresses are now file-glob-style patterns,
# so "friend at somewhere.com", "*@isp.com", or "*.domain.net" will all
# work.
# whitelist_from someone at somewhere.com
whitelist_from *@clue.denver.co.us
whitelist_from *@lists.debian.org
whitelist_from *@lug.boulder.co.us
whitelist_from *@netbsd.org
whitelist_from *@cato.org
whitelist_from *@cisco.com
blacklist_from *@ticketmaster.com
--
Allons Rouler!
Randy
http://www.arabie.org/
More information about the clue-tech
mailing list