[Systems] Spam spike for list owners (sample header attached)

Bernie Innocenti bernie at codewiz.org
Fri Sep 1 10:24:29 EDT 2017


I think we reject spam even before mailman gets to see it. Check if it's actually working

On September 1, 2017 9:32:49 AM EDT, Sebastian Silva <sebastian at fuentelibre.org> wrote:
>I'm getting one of these every few minutes for several hours now.
>
>Do you know if we could filter `X-Spam-Level: *******` messages to list
>owners?
>
>Delivered-To: sebastian at fuentelibre.org
>Received: by 10.31.138.69 with SMTP id m66csp957032vkd;
>        Fri, 1 Sep 2017 06:02:29 -0700 (PDT)
>X-Google-Smtp-Source:
>ADKCNb6oWRiyxZUthqoYZt3wOfQ3iAcv304b/cGe+UeQVvrZjhJwq7dXRCRnJHugAPnVlEXcGiVW
>X-Received: by 10.200.22.34 with SMTP id
>p31mr2628703qtj.310.1504270949456;
>        Fri, 01 Sep 2017 06:02:29 -0700 (PDT)
>ARC-Seal: i=1; a=rsa-sha256; t=1504270949; cv=none;
>        d=google.com; s=arc-20160816;
>   b=mHynEf4QKZQk3lEyU2sDbc0OfPBGdhNI9d2RvNk29nP1xqL0YliGmboiVVjipH/xMW
>   qJJzcLcSq5aeKr5TJ5QJT7sQJJr7SnmZq56NQa3758nqv3yierCIisVnoejef+VhEQVd
>   /yxrCjLPzepOFCIlyyLY04WvVlaHnRgbcod67MTTnJ42MoTFByYBEK+PSRQcLNmA9+Og
>   +r0E/DEdj/K2j8m+iAdIDhE9pvTLGxV5EUSOaP5hVFwdLhiwgFuAFTQ6ZLQDFTF69k1/
>   x6Q68x0yWFlm0WJsvsG3P/KgBLwJryuCT1horg+gXJ5wtRbVcYHJu2IaijQVVkE2knlW
>         GOWA==
>ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
>d=google.com; s=arc-20160816;
>        h=sender:errors-to:from:to:subject:message-id:date:mime-version
>         :delivered-to:arc-authentication-results;
>        bh=i2de/C2GErF09DjfjZ/J/eyNjRXvN3KiLtBS4knLuDE=;
>   b=COUuvU+VrjFe01CLW0yVMzdciY5EgyStyxyZbTziHVCsnmjXv4WMbWYLoSSEdjolgh
>   k7DJXffxnZ0niVIh3zoabCYM4mSbc0e3DYdBJGAqppj5wOQs53JKs5iDxrGd2XtAe5qi
>   S4uYpp6+g21NiNCsDoUxUmdSSQGZGUVmm2+o9xHbRCMV+umhFAvw4wOGX0saAEX633hB
>   IGzh3/B7YhmNkku3Vlesi+eHKYXAetnNXsADO2Fkcr55EXaT7JioToUN23kjUGd6Eomm
>   rPM3asJGsxYu0egQvmRfWS+G66XbIMzQMRLypsNDrnkPWxmCIMUzmANrQzmoCBW5MBjD
>         05jw==
>ARC-Authentication-Results: i=1; mx.google.com;
>spf=pass (google.com: domain of mailman-bounces at lists.sugarlabs.org
>designates 208.118.235.53 as permitted sender)
>smtp.mailfrom=mailman-bounces at lists.sugarlabs.org;
>       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=qq.com
>Return-Path: <mailman-bounces at lists.sugarlabs.org>
>Received: from sunjammer.sugarlabs.org (sunjammer.sugarlabs.org.
>[208.118.235.53])
>by mx.google.com with ESMTP id
>a129si10097287qkf.434.2017.09.01.06.02.29
>        for <sebastian at fuentelibre.org>;
>        Fri, 01 Sep 2017 06:02:29 -0700 (PDT)
>Received-SPF: pass (google.com: domain of
>mailman-bounces at lists.sugarlabs.org designates 208.118.235.53 as
>permitted sender) client-ip=208.118.235.53;
>Authentication-Results: mx.google.com;
>spf=pass (google.com: domain of mailman-bounces at lists.sugarlabs.org
>designates 208.118.235.53 as permitted sender)
>smtp.mailfrom=mailman-bounces at lists.sugarlabs.org;
>       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=qq.com
>Received: by sunjammer.sugarlabs.org (Postfix)
>	id 4DFAF120C6F; Fri,  1 Sep 2017 09:02:28 -0400 (EDT)
>Delivered-To: icarito at sugarlabs.org
>Received: from sunjammer.sugarlabs.org (localhost [127.0.0.1])
>	by sunjammer.sugarlabs.org (Postfix) with ESMTP id 45C461209E7;
>	Fri,  1 Sep 2017 09:02:28 -0400 (EDT)
>Received: from wdpa.org.tw (unknown [180.118.2.105])
> by sunjammer.sugarlabs.org (Postfix) with ESMTP id E0F231209E7
> for <sugar-devel-owner at lists.sugarlabs.org>;
> Fri,  1 Sep 2017 09:02:23 -0400 (EDT)
>MIME-Version: 1.0
>Date: Fri, 01 Sep 2017 21:02:05 +0800
>Message-ID: <857db7965c70b6a5 at bb4016527c799541>
>Subject:
>=?utf-8?Q?=E6=9C=8B=E5=8F=8B=E5=8A=A0=E7=BE=8E=E5=A5=B3924555777=E5=B2=AD=E5=A8=B628-=E7=B6=B5=E9=87=91=EF=BC=886616c=E5=B7=85co?=
> =?utf-8?Q?m=EF=BC=89?=
>To: sugar-devel-owner at lists.sugarlabs.org
>Received: from wdpa.org.tw (unknown (60.117.14.235])
> by wdpa.org.tw with SMTP id 6a9d2826-a05c-4147-a201-1b2287d4d3df;
>for <sugar-devel-owner at lists.sugarlabs.org>;Fri, 01 Sep 2017 21:02:06
>+08:00
>From: =?utf-8?Q?=E6=A2=81=E8=B4=B5=E7=9C=89?= <71534485 at qq.com>
>Content-Type: multipart/alternative;
> boundary="d4c63b9d-5c4f-4358-8462-9faf7880e7bf"
>X-Spam-Flag: YES
>X-Spam-Status: Yes, score=7.7 required=3.5
>tests=FREEMAIL_ENVFROM_END_DIGIT,
> FREEMAIL_FROM,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,
>MIME_HTML_ONLY_MULTI,MSGID_FROM_MTA_HEADER,RCVD_IN_PBL,RDNS_NONE,SPF_FAIL,
> UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.1
>X-Spam-Report: *  3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus
>PBL
> *      [180.118.2.105 listed in zen.spamhaus.org]
>*  0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
>provider
> *      (71534485[at]qq.com)
>*  0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
>in
> *      digit (71534485[at]qq.com)
> *  0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
> *      [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;
> id=71534485%40qq.com; ip=180.118.2.105; r=sunjammer.sugarlabs.org]
> *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> *  0.0 HTML_MESSAGE BODY: HTML included in message
>*  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
>lines
>*  0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
>parts
>*  0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
>tag
> *  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
> *  0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
>X-Spam-Level: *******
>X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
> sunjammer.sugarlabs.org
>Errors-To: mailman-bounces at lists.sugarlabs.org
>Sender: "Sugar-devel" <mailman-bounces at lists.sugarlabs.org>
>
>--d4c63b9d-5c4f-4358-8462-9faf7880e7bf
>Content-Type: text/html;
>	charset="utf-8"
>Content-Transfer-Encoding: quoted-printable
>
>=e4=bb=96=e5=95=8a=ef=bc=8c=e6=98=af=e4=b8=8d=e6=98=af=e5=b0=b1=e6=98=af=e9=
>=82=a3=e4=b8=aa=e5=9c=a8=e5=ad=a6=e9=99=a2=e5=ad=a6=e4=b9=a0=e4=ba=86=e4=b8=
>=a4=e5=b9=b4=e5=a4=9a
>--d4c63b9d-5c4f-4358-8462-9faf7880e7bf--
>
>
>_______________________________________________
>Systems mailing list
>Systems at lists.sugarlabs.org
>http://lists.sugarlabs.org/listinfo/systems

-- 
ベルニー
Sent from my Android device with K-9 Mail.


More information about the Systems mailing list