[SA-exim] sa-exim mail ironically popping up as spam

Tony Earnshaw tonni at billy.demon.nl
Sat May 24 14:01:39 PDT 2003


lør, 24.05.2003 kl. 00.25 skrev Marc MERLIN:

> > Curious. I haven't noticed any spam from this list.
>  
> There isn't any.
>  
> > What did it look like (e.g. the full headers, for example)?
> 
> It doesn't matter, people should have SA off for spam whitelists they
> subscribe to.
> If I post SA patterns as an example, it will trigger SA

Hmm ... SA-Exim 4.20/3.0 w/ SA 2.60-CVS gave an smtp 550 to an obviously
bogus mail yesterday (was refused because of FORGED_OUTLOOK_TAGS, all
the RBLs, DNSBLs had the IP number as a blacklisted proxy, relay etc,
was encoded base64, FORGED_RCVD_HELO, FORGED_RCVD_TRAIL,  etc) and
scored 9.60. I SA-Exim-refuse at 7.0; I never had a false positive
before. Unfortunately I couldn't 'less' the text (saved in
SApermreject), because of the base64 encoding, so I didn't check it.

O.k., I accepted this as fresh fish and told postmaster at openldap.org
(none less than Kurt Zeilenga, in whose bad books I already am :) that
there were horrible people at work, forging his signature.

The Openldap mailing list kicks you off the list for one single smtp
550. I sent it 3, the message was repeated and refused 3 times.

Later, I had a look at the mail - cat'ted it >> to my Evolution mbox
Temp mailbox. It was a *GENUINE POSTING* from the Openldap.org mailing
list. Not a fake, not spam.

I quickly put two regexes (a single meta rule) into my local.cf to
whitelist the Openldap mailing list, sent a fawning "so utterly sorry"
to postmaster at openldap.org and hoped I wouldn't be kicked off the list
yet again, like last time.

Which only goes to show the importance of whitelisting each and every
mailing list, including SA-Exim.

Tony

-- 
Tony Earnshaw <tonni at billy.demon.nl>




More information about the SA-Exim mailing list