[users] Mail from list detected as Spam
Python
python at venix.com
Fri Jan 26 15:33:13 CET 2007
I wish I had spoken up earlier.
The key issue is that the round trip look-ups work:
IP address => host name => IP address
gives the original IP address. That worked before for
213-193-131-241.adsl.easynet.be.
Now we get:
213.193.131.241 => pooch.vmhosting.org. => 127.0.0.1
which will not work for those mail servers that check.
The pooch A record needs to get fixed, or some other name should be used
(e.g. rpmforgelist) so that the round trip look-up will return the
original IP address. I assume the 127.0.0.1 IP address for pooch was
created to satisfy some need, so you may not be able to change the pooch
A record.
Requiring the round trip look-up to work is fairly effective at limiting
spam.
On Fri, 2007-01-26 at 13:28 +0100, Dries Verachtert wrote:
> On Thursday January 25 2007 8:59 pm, Dag Wieers wrote:
> > On Wed, 24 Jan 2007, Alan Hodgson wrote:
> > > On Wednesday 24 January 2007 11:47, Dag Wieers <dag at wieers.com> wrote:
> > > > You base your logic that a reverse name lookup with 'adsl' in the
> > > > name is SPAM. I am telling you that this generalisation of the
> > > > definition SPAM is wrong. The example is this list.
> > >
> > > No one is saying the mail is spam.
> >
> > Actually, it was the sole characteristic for tagging it spam if I read his
> > mail correctly.
> >
> > I don't mind if you take it as part of the calculations (one of the many
> > characteristics). But if you don't then I think the problem is the
> > configuration and you'll need to live with the consequences really.
> >
> > The mails from the mailinglist get a -2.5 rating on my spamassassin. And
> > that's well below what is required for spam.
> >
> > > If you look exactly like a bot, you're a lot more likely to be mistaken
> > > for one. Fixing your reverse DNS is one good way to differentiate
> > > yourself from a bot and will prevent some mail delivery problems.
> >
> > We don't look exactly like the bot, bots look exactly like us. And since
> > it was brought up only once since the existence of the mailinglist and
> > because he customized his spamassassin configuration in order to get this
> > behaviour. He gets exactly what he aimed for :)
> >
> > Again, if Dries can fix that (not use adsl in the reverse), I'm sure he
> > will fix that. Until then you're stuck with custom configuration. And no
> > RFC can help you.
> >
> > BTW There is no RFC that says mail cannot be delivered from a reverse DNS
> > that has the string 'adsl' in it. And I bet there never will be one :)
>
> I've sent a mail to easynet support and they've changed the reverse dns. It
> doesn't contain 'adsl' anymore. Everyone happy now? :-) There's a
> propagation time of maximum 24 hours.
>
> [root at pooch ~]# telnet 213.193.131.241 smtp
> Trying 213.193.131.241...
> Connected to 213.193.131.241.
> Escape character is '^]'.
> 220 pooch.vmhosting.org ESMTP Postfix
> QUIT
> 221 Bye
> Connection closed by foreign host.
> [root at pooch ~]# nslookup 213.193.131.241 dns0.easynet.be
> Server: dns0.easynet.be
> Address: 212.100.160.53#53
>
> 241.131.193.213.in-addr.arpa name = pooch.vmhosting.org.
>
> The reverse ip is now the same as the name used by postfix. This should be ok
> for Botnet I guess?
>
> I've read the botnet announcement at
> http://lists.mailscanner.info/pipermail/mailscanner/2006-December/068369.html
> and the config file of the latest Botnet at
> http://people.ucsc.edu/~jrudd/spamassassin/ . I might be wrong but it looks
> to me that this way of spam catching will create a lot of false positives,
> no? With the current rules, the config file already needs a whitelist for,
> for example, amazon.com.
>
> kind regards,
> Dries
--
Lloyd Kvam
Venix Corp
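
The round trip look-up described in this message (IP address => host name => IP address), as an added example that is not part of the original post. The `table_lookup` helper and the sample tables are assumptions built from the lookups quoted above so the check runs offline; the default resolvers use the system DNS.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for ip via the system resolver; empty list if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror
        return []
    return [name, *aliases]


def system_addrs(name):
    """Addresses for name via the system resolver; empty list if none."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Round trip IP => host name => IP; returns (ok, trail)."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return False, f"{ip} => (no PTR record)"
    trail = []
    for name in names:
        for addr in addr_lookup(name):
            trail.append(f"{name} => {addr}")
            # Compare parsed addresses, not strings; drop any IPv6 zone id.
            if ipaddress.ip_address(addr.split("%")[0]) == client:
                return True, f"{ip} => {name} => {addr}"
    return False, f"{ip} => " + ("; ".join(trail) or f"{names[0]} => (no address)")


def table_lookup(table):
    """Offline resolver over a dict, for the constructed samples below."""
    return lambda key: table.get(key.rstrip(".").lower(), [])


# Constructed from the lookups quoted in the message (not live DNS data).
BEFORE_PTR = {"213.193.131.241": ["213-193-131-241.adsl.easynet.be."]}
AFTER_PTR = {"213.193.131.241": ["pooch.vmhosting.org."]}
ADDRS = {"213-193-131-241.adsl.easynet.be": ["213.193.131.241"],
         "pooch.vmhosting.org": ["127.0.0.1"]}

if __name__ == "__main__":
    for ptr in (BEFORE_PTR, AFTER_PTR):
        print(fcrdns("213.193.131.241", table_lookup(ptr), table_lookup(ADDRS)))
```

Calling `fcrdns(ip)` with no resolver arguments runs the same check against live DNS.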