bananas
06-14-2005, 03:44 PM
All the email i get from AZ get marked as spam by my spam filter. I have since whitelisted AZ, however users with less technical know-how may not know how (heh) to do this.
I run SpamAssassin (and actively contribute to the SA community) as my spam filter. SpamAssassin uses a series of tests to assign a score to email. Each test contributes a small amount to the total score. If the total score is above a certain number, the email is marked as spam.
Here are the items that AZ emails hit:
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://spf.pobox.com/why.html?sender=me%40localhost.com&ip=207.36.181.193&receiver=ns1]
This is because the email claims to be really from "[email protected]". However, localhost.com (which is a real domain name, btw) has SPF records that list the servers allowed to send email for localhost.com. The email AZ sent really came from 207-36-181-193.ptr.primarydns.com, which is NOT on localhost.com's list of allowed servers. The fix is to find out where "[email protected]" is being set and change it to a more realistic address.
2.6 DNS_FROM_RFC_BOGUSMX RBL: Envelope sender in bogusmx.rfc-ignorant.org
3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?207.36.181.193>]
0.4 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[207.36.181.193 listed in combined.njabl.org]
0.3 RCVD_IN_SORBS_MISC RBL: SORBS: sender is open proxy server
[207.36.181.193 listed in dnsbl.sorbs.net]
1.6 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org
All the remaining major tests indicate that the server that email is sent from is listed in many RBLs. A RBL (realtime black hole) keeps track of computers that send spam (or that the RBL operater THINKS sends spam). When an anti-spam system receives an email, it then ask the RBL if the server it was sent from is a "spamming server".
Note that certain RBLs will list mail servers based on totally different criteria than "spam comes from this server". For instance, two of the above RBLs are for ignoring certain standards for running mail servers such as always accepting mail for the 'postmaster' account, or having a valid MX record in the DNS entries for that server.
In this case, there are 5 distinct RBLs listing the AZ server. This is a pretty good indication that something isn't configured quite right on the mail server and/or DNS records. SORBS and NJABL indicate that this server allows spam to be sent from it (open proxy). The RFC entries indicate there are probably violations of 2 RFCs: domain has a valid MX, and email is accepted for postmaster@ account.
Note that getting OFF a RBL is not necessarily easy to do :(
I run SpamAssassin (and actively contribute to the SA community) as my spam filter. SpamAssassin uses a series of tests to assign a score to email. Each test contributes a small amount to the total score. If the total score is above a certain number, the email is marked as spam.
Here are the items that AZ emails hit:
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://spf.pobox.com/why.html?sender=me%40localhost.com&ip=207.36.181.193&receiver=ns1]
This is because the email claims to be really from "[email protected]". However, localhost.com (which is a real domain name, btw) has SPF records that list the servers allowed to send email for localhost.com. The email AZ sent really came from 207-36-181-193.ptr.primarydns.com, which is NOT on localhost.com's list of allowed servers. The fix is to find out where "[email protected]" is being set and change it to a more realistic address.
2.6 DNS_FROM_RFC_BOGUSMX RBL: Envelope sender in bogusmx.rfc-ignorant.org
3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?207.36.181.193>]
0.4 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[207.36.181.193 listed in combined.njabl.org]
0.3 RCVD_IN_SORBS_MISC RBL: SORBS: sender is open proxy server
[207.36.181.193 listed in dnsbl.sorbs.net]
1.6 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org
All the remaining major tests indicate that the server that email is sent from is listed in many RBLs. A RBL (realtime black hole) keeps track of computers that send spam (or that the RBL operater THINKS sends spam). When an anti-spam system receives an email, it then ask the RBL if the server it was sent from is a "spamming server".
Note that certain RBLs will list mail servers based on totally different criteria than "spam comes from this server". For instance, two of the above RBLs are for ignoring certain standards for running mail servers such as always accepting mail for the 'postmaster' account, or having a valid MX record in the DNS entries for that server.
In this case, there are 5 distinct RBLs listing the AZ server. This is a pretty good indication that something isn't configured quite right on the mail server and/or DNS records. SORBS and NJABL indicate that this server allows spam to be sent from it (open proxy). The RFC entries indicate there are probably violations of 2 RFCs: domain has a valid MX, and email is accepted for postmaster@ account.
Note that getting OFF a RBL is not necessarily easy to do :(