mailman sender spam block list

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

mailman sender spam block list

Anahuac

Hello there,

I have this list on sourceforge [hidden email] and every day it came in my personal blacklist.
As you can figure I don't what this, so I started do dig into the logs to try to understand why. The thing is that I don't.

So I'm here asking for help to figure it out.

First the logs:

mar-10-17 13:32:12 [Worker_2] Spam-Report: empty sender is replaced by 'X-Assp-Intended-For' [hidden email] - no reports will be sent                                         mar-10-17 13:32:12 [Worker_2] Spam-Report: process message from [hidden email]
mar-10-17 13:32:12 m-63531-12079 [Worker_1] [TLS-out] 94.177.196.100 <[hidden email]> Message-Score: added 5 (irValencePB) for invalid address [hidden email], total score for this message is now 5
mar-10-17 13:32:12 [Worker_2] Email: [hidden email],[hidden email] removed from Whitelist
mar-10-17 13:32:12 [Worker_2] Email: [hidden email],[hidden email] removed from Whitelist
mar-10-17 13:32:12 [Worker_2] Email: personal blacklist added: [hidden email],[hidden email]
mar-10-17 13:32:12 m-63532-07185 [Worker_1] 94.177.196.100 info: PB-IP-Score for '94.177.196.0' is 5, added 5 in this session
mar-10-17 13:32:12 m-63532-07185 [Worker_1] 94.177.196.100 disconnected: session:7F415D9F6CF0 94.177.196.100  - processed ids m-63531-12079 m-63532-07185 - processing time 1 seconds
mar-10-17 13:32:12 [Worker_1] Worker_1 will sleep now
mar-10-17 13:32:12 [Worker_2] Email: personal blacklist added: [hidden email],[hidden email]
mar-10-17 13:32:12 [Worker_2] Email: personal blacklist added: [hidden email],[hidden email]
mar-10-17 13:32:12 [Worker_2] Info: report message written to -> /usr/share/assp2/errors/spam/_heitor_bacula_com_br_spam--72276.rpt.eml
mar-10-17 13:32:12 [Worker_2] Spam-Report: finished report-message from [hidden email]
mar-10-17 13:32:12 m-63532-01188 [Worker_2] 144.76.146.38 disconnected: session:7F4155951788 144.76.146.38  - processed ids m-63531-08447 m-63532-01188 - processing time 1 seconds
mar-10-17 13:32:12 [Worker_2] Worker_2 will sleep now


As you can see all starts with [hidden email] being removed from the whitelist and then added to personal blacklist...
The report message (_heitor_bacula_com_br_spam--72276.rpt.eml) is this:

X-Assp-Reported-By: [hidden email] Subject: [hidden email]: spam Received: from mout.gmx.net ([212.227.15.15] helo=mout.gmx.net)
X-Assp-ID: kyahosting.com m-63526-12337^MX-Assp-Tag: MessageLimit^MX-Assp-Envelope-From: [hidden email]^MX-Assp-Intended-For: [hidden email]^MReceived: from server.kyahosting.com (LHLO server.kyahosting.com)
(144.76.146.38) by server.kyahosting.com with LMTP; Fri, 10 Mar 2017
13:32:11 -0300 (BRT)
Received: from server.kyahosting.com (localhost.localdomain [127.0.0.1])
by server.kyahosting.com (Postfix) with ESMTPS id 636B957802B3
for <[hidden email]>; Fri, 10 Mar 2017 13:32:11 -0300 (BRT)
Received: from KyaHosting (localhost.localdomain [127.0.0.1])
by server.kyahosting.com (Postfix) with ESMTPS id 9456B57802AE
for <[hidden email]>; Fri, 10 Mar 2017 13:32:06 -0300 (BRT)
X-Assp-Version: 2.5.5(16366) on kyahosting.com
X-Assp-ID: kyahosting.com m-63526-12337
X-Assp-Session: 7F415E6CA158 (mail 1)
X-Assp-Detected-RIP: 109.45.1.16
X-Assp-Source-IP: 109.45.1.16 X-Assp-Envelope-From: [hidden email]
X-Assp-Intended-For: [hidden email]
X-Assp-Client-TLS: yes
X-Assp-Server-TLS: yes
X-Assp-Message-Score: -10 (SSL-TLS-connection-OK)
X-Assp-IP-Score: -10 (SSL-TLS-connection-OK)
X-Assp-Message-Score: 10 (Message-ID not valid: 'trinity-bba6e4dd-4736-4805-b2a6-5ef88c424925-1489163524746@msvc-mesg-gmx119')
X-Assp-IP-Score: 10 (Message-ID not valid: 'trinity-bba6e4dd-4736-4805-b2a6-5ef88c424925-1489163524746@msvc-mesg-gmx119')
X-Original-Authentication-Results: kyahosting.com; spf=pass
X-Assp-Message-Score: -10 (SPF pass)
X-Assp-IP-Score: -10 (SPF pass)
X-Assp-Message-Score: 10 (Foreign IP-Country DE (1&1 INTERNET AG))
X-Assp-Message-Score: 17 (DNSBL: neutral, 109.45.1.16 listed in
l2.apews.org zen.spamhaus.org)
X-Assp-IP-Score: 17 (DNSBL: neutral, 109.45.1.16 listed in l2.apews.org
zen.spamhaus.org)
X-Assp-DNSBL: neutral, 109.45.1.16 listed in (l2.apews.org<-127.0.0.2;
zen.spamhaus.org<-127.0.0.11; )
X-Assp-Re-bombRe: PB 26: for 10% discount
X-Assp-Message-Score: 26 (Regex: bombRe 'PB 26: for 10% discount' bombRe:
'10% discount')
X-Assp-IP-Score: 26 (Regex: bombRe 'PB 26: for 10% discount' bombRe: '10%
discount')
X-Assp-Message-Score: 49 (HMM Probability: 1.00000)
X-Assp-IP-Score: 49 (HMM Probability: 1.00000)
X-Assp-Tag: MessageLimit
X-Assp-Spam: YES (Probably)
X-Spam-Status:yes
X-Assp-Spam-Reason: MessageScore passed low limit
X-Assp-Message-Totalscore: 92
Received: from mout.gmx.net ([212.227.15.15] helo=mout.gmx.net) by
kyahosting.com with SMTPS(TLSv1_2 ECDHE-RSA-AES128-GCM-SHA256) (2.5.5); 10 Mar 2017 13:32:06 -0300
Received: from [109.45.1.16] by msvc-mesg-gmx119.server.lan (via HTTP); Fri,
10 Mar 2017 17:32:04 +0100
MIME-Version: 1.0


Well AFAIK this [hidden email] sent a message to the list [hidden email] and ASSP caught it on a DNSBL right?
What I don't understand is why ASSP removes [hidden email] from whitelist and add it to the personal blacklist if the issue is with [hidden email]?

I've already added sourceforge.net on noProcessingDomains and *@lists.sourceforge.net|*@*.sourceforge.net on whiteListedDomains but this ain't worked.

Can anyone give me a hand?

Thanks


--
Anahuac de Paula Gil

"É agitando que se transforma a vida, o homem, a sociedade, o mundo".
Francisco Julião

Anahuac - http://www.anahuac.eu
Tuttiverde - http://www.tuttiverde.com.br
KyaHosting - http://www.kyahosting.com
GUIA EcoMedical - http://ecomedical.med.br
EXPOTEC - http://www.expotec.org.br
suaNuvem - http://www.suanuvem.com
DiasporaBR - http://diasporabr.com.br
OpenLDAP - http://www.openldap.com.br
Twitter: @anahuacpg
Diaspora: [hidden email]
Jabber/XMPP: [hidden email]

------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user