spamassassin-users December 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Am i sending spam?

Re: Am i sending spam?

From: David B Funk <dbfunk_at_nospam>
Date: Fri Dec 23 2011 - 22:03:35 GMT

On Fri, 23 Dec 2011, David B Funk wrote:

> On Fri, 23 Dec 2011, David F. Skoll wrote:
>> On Fri, 23 Dec 2011 22:10:22 +0100
>> "Lars Ebeling" <> wrote:
>> You are not sending spam. Someone on the machine
>> [ connected to your machine and
>> said:
>> In other words, the HELO domain was faked. We automatically block mail
>> from anyone who HELOs as our machine (unless it really *is* from our
>> machine,
>> of course!)
> Not to mention the fact that IP addr is listed in
> as a malware source and that "message.bat" attachment looks -very-
> suspicious.
> Do you have any kind of AV running in your mail system?
> The original of that message gets identified as "Worm.Mydoom.M FOUND"
> by ClamAV. We run ClamAV as an input milter filter ahead of spamassasin,
> no sense wasting time/cycles on known viri. ;)

One additional odd-tristing thing about that message;
That IP addr ([]) is listed in multiple DNSBLS
(eg, zen.spamhaus ) but gets a "whitelist" rating

So if I were to actually believe hostkarma I wouldn't have filtered
that message at all. ;(

Does anybody actually believe hostkarma's "whitelist" ratings?

I've seen lots of blatant spammers get whitelist. I used to
report them to Marc but gave up when after reporting a whitelisted
malware/phish message he replied 'looks ok to me'.

-- Dave Funk University of Iowa <dbfunk (at)> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{