[SoCoSA/discuss] weird emails to postmaster

gandalf at sonic.net gandalf at sonic.net
Fri Feb 13 12:46:41 PST 2009


 
lakefrontwebhosting.com is the server's domain. I just got it one so it would have one for testing and other issues. It is the mailserver for corporate-image.com and a half dozen others. So both of those are valid and I assume correctly white listed. Looks like 243.Red-79-156-145.staticIP.rima-tde.net sent the message in this case to postmaster at corporate-image.com which is a valid address. 


(imagine a cute or dirty tagline here)

 On Fri 13/02/09  8:27 AM , "Trevor Benson" tbenson at a-1networks.com sent:
> Does spamassassin take its whitelist (for the local domain) and
> basically pass all spam if someone says it's from the company?  I just
> noticed the -86.2 score and it seems pretty tough to reach a positive
> 5 to mark spam, and then noticed the only reason I could think of is
> that spamassassin doesn't check the corporate-image.com local domain
> against a list of smtp or DNS to see that lakefrontwebhosting.com
> (probably) doesn't host it and shouldn't be applied the whitelist.
> 
> These are all basic assumptions by looking at the headers however.
> 
> 
> Trevor Benson
> A1 Networks
> (707)570-2021 x201
> tbenson at a-1networks.com
> 
> 
> On Feb 11, 2009, at 1:21 PM, gandalf at sonic.net wrote:
> > I got two of these this morning from different non existent but
> > possible email addresses. They have an odd feeling about them. The
> > bodies were the same to cursory inspection, just a list of email
> > addresses.
> >
> > Return-Path: <hdt at corporate-image.com>
> > X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
> > 	coco.lakefrontwebhosting.com
> > X-Spam-Level:
> > X-Spam-Status: No, score=-86.2 required=5.0 tests=BAYES_50,
> > 	DNS_FROM_RFC_BOGUSMX,FH_HELO_ALMOST_IP,HELO_DYNAMIC_SPLIT_IP,MISSING_HEADERS,
> > 	MISSING_SUBJECT,TVD_SPACE_RATIO,USER_IN_WHITELIST autolearn=no
> > 	version=3.2.4
> > Received: from 243.Red-79-156-145.staticIP.rima-tde.net
> > 	(243.Red-79-156-145.staticIP.rima-tde.net [79.156.145.243])
> > 	by coco.lakefrontwebhosting.com (8.13.8/8.13.8) with SMTP id n1BJLclZ021724
> > 	for <postmaster at corporate-image.com>; Wed, 11 Feb 2009 11:21:52 -0800
> > Date: Wed, 11 Feb 2009 11:21:38 -0800
> > From: hdt at corporate-image.com
> > Message-Id: <200902111921.n1BJLclZ021724 at coco.lakefrontwebhosting.com>
> >
> >
> 
> 
> 
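The question in this thread, whether USER_IN_WHITELIST hid a spam-level score on mail that arrived from an outside host, can be checked mechanically from the quoted headers. The Python below is an added example, not part of the original messages; the `audit` function, the -100 rule score (SpamAssassin's stock value for USER_IN_WHITELIST) and the trusted-relay suffix are assumptions.

```python
import email
import re
# Constructed sample: headers quoted in this thread, with " at " restored to "@".
SAMPLE = """\
Return-Path: <hdt@corporate-image.com>
X-Spam-Status: No, score=-86.2 required=5.0 tests=BAYES_50,
\tDNS_FROM_RFC_BOGUSMX,FH_HELO_ALMOST_IP,HELO_DYNAMIC_SPLIT_IP,MISSING_HEADERS,
\tMISSING_SUBJECT,TVD_SPACE_RATIO,USER_IN_WHITELIST autolearn=no
\tversion=3.2.4
Received: from 243.Red-79-156-145.staticIP.rima-tde.net
\t(243.Red-79-156-145.staticIP.rima-tde.net [79.156.145.243])
\tby coco.lakefrontwebhosting.com (8.13.8/8.13.8) with SMTP id n1BJLclZ021724
\tfor <postmaster@corporate-image.com>; Wed, 11 Feb 2009 11:21:52 -0800
From: hdt@corporate-image.com

"""

# Assumption: stock SpamAssassin score for this rule; local.cf may override it.
WHITELIST_SCORES = {"USER_IN_WHITELIST": -100.0}

def audit(raw, local_domains, trusted_relay_suffixes):
    """Report whether a whitelist hit hid a spam-level score on outside mail."""
    msg = email.message_from_string(raw)
    # Unfold the header and close the gap that folding leaves after commas.
    status = re.sub(r",\s+", ",", " ".join(msg["X-Spam-Status"].split()))
    score = float(re.search(r"score=(-?[\d.]+)", status).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", status).group(1))
    tests = re.search(r"tests=(\S+)", status).group(1).split(",")
    bonus = sum(WHITELIST_SCORES.get(t, 0.0) for t in tests)
    unmasked = round(score - bonus, 1)  # score with the whitelist rule removed
    # The topmost Received header is the one written by the receiving server.
    received = " ".join(msg.get_all("Received")[0].split())
    m = re.search(r"from \S+ \((\S+) \[([\d.]+)\]\)", received)
    relay, relay_ip = m.group(1).lower(), m.group(2)
    sender_domain = msg["Return-Path"].strip("<> ").rsplit("@", 1)[-1].lower()
    outside = not relay.endswith(tuple(trusted_relay_suffixes))
    return {
        "score": score,
        "unmasked_score": unmasked,
        "masked_by_whitelist": bonus < 0 and score < required <= unmasked,
        "sender_domain": sender_domain,
        "relay_ip": relay_ip,
        "local_sender_from_outside": sender_domain in local_domains and outside,
    }

if __name__ == "__main__":
    print(audit(SAMPLE, {"corporate-image.com"}, (".lakefrontwebhosting.com",)))
```

With the whitelist rule removed, the remaining tests on this message sum to 13.8 against a threshold of 5.0.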




