Pantek Library

Re: Need a plugin written relating to black/white/yellow lists

From: Marc Perkel <marc(at)perkel.com>
Date: Mon Aug 27 2007 - 18:39:27 EDT

Bret Miller wrote:
>
> Bret Miller wrote:
>>> * 127.0.0.1 - whitelist - trusted nonspam
>>> * 127.0.0.2 - blacklist - block spam
>>> * 127.0.0.3 - yellowlist - mix of spam and nonspam
>>> * 127.0.0.4 - brownlist - all spam - but not yet enough to blacklist
>>>
>>>
>>>
>>> And hotmail.com warrants being blacklisted?? Ouch.
>>>
>>> I do like the idea of white and yellow lists. If I could just get
>>> CommuniGate to add the ability to use it...
>>>
>>> Hotmail would be yellow listed.
>>>
>>
>> My headers say RCVD_IN_JMF_BL, the rule says:
>>
>> header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF', '127.0.0.2')
>> describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK
>> tflags RCVD_IN_JMF_BL net
>> score RCVD_IN_JMF_BL 1.0
>>
>> And here are the headers:
>>
>> X-Spam-Tests: tests=AWL=0.782,BAYES_00=-2.599,EXTRA_MPART_TYPE=1,
>>  FH_RELAY_NODNS=1.451,HTML_MESSAGE=0.001,PART_CID_STOCK=1.635,RCVD_IN_JMF_BL=1,
>>  RCVD_IN_MXRATE_WL=-2,RDNS_NONE=0.1,T_TVD_FW_GRAPHIC_ID1=0.01;autolearn=no
>> X-Spam-Score: 1.4
>> X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on mail.hq.wcg.org
>> X-Spam-Level: +
>> X-TFF-CGPSA-Version: 1.6a5
>> X-WCG-CGPSA-Filter: Scanned
>> Return-Path: <trinitycommonground@hotmail.com>
>> Received: from [65.54.246.239] (HELO bay0-omc3-s39.bay0.hotmail.com)
>> by mail.wcg.org (CommuniGate Pro SMTP 5.1.11)
>> with ESMTP id 22324864 for xxxx@wcg.org; Mon, 27 Aug 2007 11:29:31 -0700
>> Received: from hotmail.com ([65.55.130.13]) by
>> bay0-omc3-s39.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
>> Mon, 27 Aug 2007 11:29:16 -0700
>> Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
>> Mon, 27 Aug 2007 11:29:15 -0700
>> Message-ID: <BAY125-DAV327D32C5ED7BF4015B03CA2D20@phx.gbl>
>> Received: from 71.110.94.199 by BAY125-DAV3.phx.gbl with DAV;
>> Mon, 27 Aug 2007 18:29:10 +0000
>> X-Originating-IP: [71.110.94.199]
>> X-Originating-Email: [trinitycommonground@hotmail.com]
>> X-Sender: trinitycommonground@hotmail.com
>> From: " Common Ground" <trinitycommonground@hotmail.com>
>> To: <xxxx>
>> Subject: Back to School Blessings
>> Date: Mon, 27 Aug 2007 11:29:09 -0700
>> MIME-Version: 1.0
>> Content-Type: multipart/related;
>> boundary="----=_NextPart_000_0023_01C7E89D.7C72B430";
>> type="multipart/alternative"
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook Express 6.00.2900.3138
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
>> X-OriginalArrivalTime: 27 Aug 2007 18:29:15.0665 (UTC)
>> FILETIME=[2C450810:01C7E8D8]
>> Return-Path: trinitycommonground@hotmail.com
>>
>> To me, this equals hotmail is on the black list.
>>
>> Bret
>>
>
> Something is odd. That IP isn't in any of my lists.
>
>
> Indeed. The problem is the rule, not the list. The check looks back
> at all IPs in the path, including the X-Originating-IP headers. So,
> "[2860] dbg: dns: hit
> <dns:199.94.110.71.hostkarma.junkemailfilter.com> 127.0.0.2" is what
> SA says is the problem. I guess I need to look at fixing it so it
> scans only the last external...
>
> Bret
>

I did some experimenting a while back looking at all the received IP addresses and got too many false positives. I had to give up on the idea because it didn't work.

Received on Mon Aug 27 18:40:13 2007
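
The difference discussed in this thread, as an added example that is not part of the original messages or of SpamAssassin: it runs the quoted headers through a DNSBL check once over every hop (including X-Originating-IP) and once over the last external relay only. The function names and `FAKE_DNS` are hypothetical, and it assumes a single trusted hop, so the topmost Received header is the one written by the receiving server; SpamAssassin itself derives this from its trusted_networks/internal_networks settings.

```python
import re

ZONE = "hostkarma.junkemailfilter.com"
# Return codes as listed in the thread.
CODES = {"127.0.0.1": "white", "127.0.0.2": "black",
         "127.0.0.3": "yellow", "127.0.0.4": "brown"}
# Abridged from the headers quoted in the thread, newest hop first.
HEADERS = """\
Received: from [65.54.246.239] (HELO bay0-omc3-s39.bay0.hotmail.com)
 by mail.wcg.org (CommuniGate Pro SMTP 5.1.11) with ESMTP id 22324864
Received: from hotmail.com ([65.55.130.13]) by
 bay0-omc3-s39.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668)
Received: from 71.110.94.199 by BAY125-DAV3.phx.gbl with DAV
X-Originating-IP: [71.110.94.199]
"""
# Constructed stand-in for DNS: only the answer from the SA debug line.
FAKE_DNS = {"199.94.110.71." + ZONE: "127.0.0.2"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def candidate_ips(raw, last_external_only):
    """IPs a DNSBL check would query, in header order, deduplicated."""
    ips = []
    # Unfold continuation lines so each header is a single string.
    for line in re.sub(r"\r?\n[ \t]+", " ", raw).splitlines():
        name, _, value = line.partition(":")
        name = name.lower()
        if name == "received":
            # Keep the 'from' clause (the peer); drop 'by' (the receiver).
            value = value.split(" by ", 1)[0]
        elif name != "x-originating-ip":
            continue
        ips += [ip for ip in IPV4.findall(value) if ip not in ips]
        if last_external_only and name == "received":
            break  # assumption: the topmost Received is our own MX's
    return ips

def query_name(ip, zone=ZONE):
    """DNSBL query name: octets reversed, then the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def classify(raw, resolve, last_external_only):
    """Map each queried IP that is listed to its list colour."""
    hits = {}
    for ip in candidate_ips(raw, last_external_only):
        answer = resolve(query_name(ip))
        if answer in CODES:
            hits[ip] = CODES[answer]
    return hits
```

Calling `classify(HEADERS, FAKE_DNS.get, False)` reproduces the blacklist hit on the webmail user's own address, while passing `True` queries only the Hotmail relay that connected to the receiving server.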

This archive was generated by hypermail 2.1.8 : Fri Oct 26 2007 - 00:52:45 EDT

