[summaries: [SpamCop summary report]]

[summaries: [SpamCop summary report]]

[Christopher Faylor]

I've been getting these with increasing frequence lately.

Apparently, we're again sending something to their spam trap
and users are complaining about spam.

Anyone have any insight?  The web site isn't very informative about
what's going on.

cgf

----- Forwarded message from SpamCop robot -----

From: SpamCop robot
Subject: [SpamCop summary report]
Date: Fri, 24 Mar 2006 11:24:50 GMT

[ SpamCop V1.527 Summary Report ]
-- See footer for key to columns and notes about this report --

     IP_Address Start/Length Trap User Mole Simp Comments
                RDNS

209.132.176.174 Mar 19 10h/3    2    3    0    0 
                sourceware.org


-- Key to Columns --
IP Address:  The numeric address.
Start:       The first date (within the past week) that spam was 
             reported to have originated from the IP address.
Length:      The duration of the incident in # of days
Trap:        Messages received at traps.
User:        Messages reported by registered users.
Mole:        Messages reported by registered users who prefer to remain
             anonymous.
Simp:        Simple reports - messages submitted by unregistered users.
Comments:    Notes reflect blocking-list status and issue-resolved status.
RDNS:        Reverse dns name of ip address (must pass forward and reverse)

-- Summary Report Notes --
o  All times are GMT, exact time of incident withheld.
o  Time of this report is: Fri Mar 24 11:24:50 2006
o  To close an issue, or get more details, log into your account:
   http://www.spamcop.net/
o  Issues are sorted with the newest reports first.  Resolving new
   issues first heads off additional spam from in-progress sources.
o  This email is intended to be viewed with a fixed-width font.
o  This email was requested in your SpamCop preferences page - where
   it may be disabled.
o  This report is sent periodically, but only if there have been changes.

----- End forwarded message -----

Re: [summaries: [SpamCop summary report]]

[Frank Ch. Eigler]

Hi -

> [...]  Anyone have any insight?  The web site isn't very informative
> about what's going on. [...]

Is there a class of spamassassin test we're not using yet?  DNSBL?
URLDNSBL?  DCC/Pyzor/etc.?  Can qmail callout-verify MAIL FROM:
senders like exim can?

- FChE

Re: [summaries: [SpamCop summary report]]

[Christopher Faylor]

On Fri, Mar 24, 2006 at 11:12:30AM -0500, Frank Ch. Eigler wrote:
>Hi -
>
>> [...]  Anyone have any insight?  The web site isn't very informative
>> about what's going on. [...]
>
>Is there a class of spamassassin test we're not using yet?  DNSBL?
>URLDNSBL?  DCC/Pyzor/etc.?  Can qmail callout-verify MAIL FROM:
>senders like exim can?

/var/log/maillog reports blocks due to URIBL_* and blocks due to
BL_IN_SPAMCOP wouldn't that indicate that both are active?

qpsmtpd verifies RCPT TO: .  I have some from addresses blocked.  I
don't know what you mean by callout-verify.

cgf

Re: [summaries: [SpamCop summary report]]

[Frank Ch. Eigler]

[-- Attachment #1: Type: text/plain, Size: 914 bytes --]

Hi -

cgf wrote:

> >Is there a class of spamassassin test we're not using yet?  DNSBL?
> >URLDNSBL?  DCC/Pyzor/etc.?  Can qmail callout-verify MAIL FROM:
> >senders like exim can?
> 
> /var/log/maillog reports blocks due to URIBL_* and blocks due to
> BL_IN_SPAMCOP wouldn't that indicate that both are active?

The DCC/Pyzor/Razor2 stuff is worth adding, if it's not there already.

> qpsmtpd verifies RCPT TO: .  I have some from addresses blocked.  I
> don't know what you mean by callout-verify.

Exim verifies the MAIL FROM: record, by trying to call out to the MX
server for the claimed originator domain, to try to deliver a dummy
message back to the claimed email address.  It can dispose of or mark
email whose originating address was fake.  My spam file contains many
hits of this criterion, which spamassassin can incorporate via bayes
or direct header-testing clauses.

- FChE

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [summaries: [SpamCop summary report]]

[Jonathan Larmour]

Frank Ch. Eigler wrote:
> Hi -
> 
> cgf wrote:
> 
> 
>>>Is there a class of spamassassin test we're not using yet?  DNSBL?
>>>URLDNSBL?  DCC/Pyzor/etc.?  Can qmail callout-verify MAIL FROM:
>>>senders like exim can?
>>
>>/var/log/maillog reports blocks due to URIBL_* and blocks due to
>>BL_IN_SPAMCOP wouldn't that indicate that both are active?
> 
> 
> The DCC/Pyzor/Razor2 stuff is worth adding, if it's not there already.

Indeed. I've used Razor2 happily. I haven't tried Pyzor or DCC. Checking 
against three different checksums may add up to a fair few resources, but 
probably less than letting spams through :).

This may be useful:
http://spamassassinbook.packtpub.com/chapter11_preview.htm

>>qpsmtpd verifies RCPT TO: .  I have some from addresses blocked.  I
>>don't know what you mean by callout-verify.
> 
> 
> Exim verifies the MAIL FROM: record, by trying to call out to the MX
> server for the claimed originator domain, to try to deliver a dummy
> message back to the claimed email address.  It can dispose of or mark
> email whose originating address was fake.  My spam file contains many
> hits of this criterion, which spamassassin can incorporate via bayes
> or direct header-testing clauses.

Sounds expensive for a busy mail hub like sourceware though.

Jifl
-- 
--["No sense being pessimistic, it wouldn't work anyway"]-- Opinions==mine