On 11/5/2010 3:06 PM, René Berber wrote:
On 11/5/2010 12:21 PM, Bill Landry wrote:

On 11/5/2010 10:04 AM, René Berber wrote:

Good day,

The signature in the subject is hitting mail sent from legitimate, authenticated users. It is just too general, the signature doesn't (perhaps it can't) distinguish between legitimate use or not.

As I said, authenticated users are being blocked, and I can see that by looking at the header that triggers the signature:

Received: from [192.168.1.101] (customer-189-254-221-51-sta.uninet-ide.com.mx [189.254.221.51] (may be forged)) (authenticated bits=0) by mail.DOMAIN.com.mx (8.14.4/8.14.4) with ESMTP id oA5G8WdM010436 for<USER@xxxxxxxxxxxxx>; Fri, 5 Nov 2010 10:08:40 -0600 (CST)

(I changed my domain to DOMAIN, and username, to prevent spam harvesters grabbing a real mail address)

I can provide more info if required.

Hi René,

Thanks for the report. Since I have only seen the domain used in spam once on 2010-10-31, I have removed the domain from the SpamDomains signature databases.

Thanks. Since the "domain" is really an ISP which has a big number of clients (and I mean big), and doesn't usually give control over reverse DNS resolution, does it make sense adding it in the first place?

In other words, you are not blocking one computer sending spam, you are blocking many computers, managed by completely different businesses.

I know, the lack of a real reverse DNS is the root of the problem. I also know, there is no easy way to know who they are, I do because I live in México, and have dealt with them many times.
The SpamDomains signature databases are automatically updated every hour without any human intervention. Although there are many spam verification tests run on each domain before it actually gets added to the SpamDomains signature database, occasionally one gets added that should not be included.
To try and prevent this from happening, I maintain a domain whitelist that currently contains 50354 domains. Based on your recommendation, I have added this domain to the whitelist file so that it cannot inadvertently be re-added to the SpamDomains signature databases.
Regards, Bill