procmail

Re: Procmail

2003-07-17 17:30:37
At 16:08 2003-07-17 -0700, James Burlington wrote:

[big snip - overquoting isn't useful]

Well, I sent a message with these headers.

From: James Burlington <james_burlington(_at_)yahoo(_dot_)com>
To:  procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
Subject: Couple of Questions
Message-ID: <3F1462E2(_dot_)7070803(_at_)yahoo(_dot_)com>
Date: Tue, 15 Jul 2003 13:24:02 -0700

[snip - as is underquoting]

Your message _as_received_ would have contained a *LOT* of additional headers, which are significant to anything flagging your message as having a "suspicious header." I distinctly recall mentioning that a diagnostic would involve resending the message from the affected account TO an account at a different host so that you could review these.

Message has a suspicious header

Which sure seems to indicate that it is something wrong with the headers of the message.

It looks like SPAM Assassin flagged it as spam.

.. and quite possibly because of some host involved in the relaying of the message was in a DNSBL.

Another helpful person emailed me saying he sees it as
probably coming from an open relay.

.. which involves the aforementioned checking mail relays used in the transmission of a message for DNSBL status. Which was the point of sending the message to yourself at a different host and checking the headers as received.

I use Netscape email client along with yahoopops to
retrieve my email and send through my regular SMTP
server at work.

You're sending messages with a From: containing a Yahoo address, but which never actually relay through a recognized Yahoo server. No surprise there - I flag messages as spammy for the same reason - they're FORGED freemail messages.

If this gets through then that confirms it, although
why would it have my work IP as an open relay is still
beyond me.

Probably an unrelated matter.

We are all here to discuss how to fight spam and
filter and organize email,

Well, not exactly. The procmail list is for discussing how to use procmail, to filter (and as a result, organize) mail. SPAM is a common use of procmail, but it isn't the purpose of this list. Personally, I could do with a bit less of the "I just received these five spams in my mailbox, how can I filter them" type messages: I already ditch quite enough real spam without getting hammered by "relayed-through-the-procmail-list" spam.

I don't complain about that, but was kind of surprised to see my messages
marked as spam.

Because they have a spam characteristic: they're forged yahoo messages.

Of course, the messages I've received from you via the list won't have been filtered as forged yahoo messages in my filters (since the list didn't relay your original posts), but even if you had successfully posted, it may have been ditched. Here's an example of a forged yahoo (and it's spam of course):

SPAM: +125 Single received header for foreign sender
SPAM: +135 Advisory - relayed through backup MX
SPAM: +(249*2) raw 8-bit characters in the Subject/From/To
SPAM: +100 raw 8-bit characters in the Date
SPAM: +45 Advisory - no X-Envelope-To
SPAM: +25 From/Recipient score 25
SPAM: +100 From service doesn't appear in Received lines
SPAM: +50 Advisory - excess of leading whitespace on subject (2)
SPAM: +35 Advisory - MIME - multipart/mixed
SPAM: +150 forged Yahoo
SPAM: +249 Abundance of triggers
SPAM: Advisory - spammishness is 1512
SPAM: spammishness exceeds threshold of (SNIP)
INFO: SpamFilter v03.08.00  SBS  20030712/1347
>From umtq0nta(_at_)yahoo(_dot_)com  Wed Jul 16 08:44:40 2003
 Subject:      ºèÒ¶º½¿Õ·þÎñÓÐÏÞ¹«Ë¾
  Folder:  gzip -9fc >> spam.gz                   10235


Suggestions:

1. switch to a freemail service which has a web interface you can stand (or which has an SMTP/POP interface you can use).

2. don't use freemail services, and instead use a real you-own-it mail address - in the long haul, they're much more versatile.

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
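
One way to express the "From service doesn't appear in Received lines" test from the log above, as an added Python example that is not part of the original post and not the poster's filter. The relay suffix table, the host names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domain suffixes under which each freemail service's own relays appear.
FREEMAIL_RELAYS = {"yahoo.com": ("yahoo.com",)}

# Host named after "from" (the HELO name the sender claimed) or "by" (the receiver).
# "(envelope-from <user@yahoo.com>)" is not matched: "<" cannot start a host name.
HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", re.I)

def relay_hosts(msg):
    """Lower-cased host names from the from/by clauses of every Received: header."""
    hosts = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # join folded continuation lines
        hosts += [h.lower().rstrip(".") for h in HOST_RE.findall(unfolded)]
    return hosts

def from_service_missing(raw):
    """True when From: uses a listed freemail domain that no Received: host belongs to."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    suffixes = FREEMAIL_RELAYS.get(domain)
    if suffixes is None:
        return False  # sender domain is not a freemail service on the list
    hosts = relay_hosts(msg)
    return not any(h == s or h.endswith("." + s) for h in hosts for s in suffixes)

def build(sender, *received):
    """Constructed sample message; host names and addresses are documentation values."""
    lines = ["Received: " + r for r in received]
    return "\n".join(lines + ["From: " + sender, "Subject: test", "", "body"])

STAMP = " with ESMTP; Thu, 17 Jul 2003 10:00:00 -0700"
# Yahoo address, message handed over by a host under yahoo.com (folded header).
DIRECT = build("User <user@yahoo.com>",
               "from relay.mail.yahoo.com (relay.mail.yahoo.com [192.0.2.25])\n"
               "\tby mx.example.net" + STAMP)
# Yahoo address, but submitted through an unrelated SMTP server, as in the thread.
VIA_WORK = build("User <user@yahoo.com>",
                 "from smtp.example.org (smtp.example.org [198.51.100.7])"
                 " by mx.example.net (envelope-from <user@yahoo.com>)" + STAMP)
# Non-freemail sender through the same server: the check does not apply.
OWN_DOMAIN = build("User <user@example.org>",
                   "from smtp.example.org (smtp.example.org [198.51.100.7])"
                   " by mx.example.net" + STAMP)
if __name__ == "__main__":
    print([from_service_missing(m) for m in (DIRECT, VIA_WORK, OWN_DOMAIN)])
```

The from clause holds the name the sending host claimed for itself, so only Received: lines added by hosts you trust count as evidence of where a message travelled.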

