[sanesecurity] Re: FP: INetMsg.SpamDomain-2w.uninet-ide_com_mx

  • From: Bill Landry <bill@xxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Fri, 05 Nov 2010 15:35:34 -0700

On 11/5/2010 3:06 PM, René Berber wrote:
On 11/5/2010 12:21 PM, Bill Landry wrote:
On 11/5/2010 10:04 AM, René Berber wrote:
Good day,

The signature in the subject is hitting mail sent from legitimate,
authenticated users.

It is just too general; the signature doesn't (perhaps it can't)
distinguish between legitimate use or not.  As I said, authenticated
users are being blocked, and I can see that by looking at the header
that triggers the signature:

Received: from [192.168.1.101]
(customer-189-254-221-51-sta.uninet-ide.com.mx [189.254.221.51] (may
be forged))
          (authenticated bits=0)
          by mail.DOMAIN.com.mx (8.14.4/8.14.4) with ESMTP id
oA5G8WdM010436
          for<USER@xxxxxxxxxxxxx>; Fri, 5
Nov 2010 10:08:40 -0600 (CST)

(I changed my domain to DOMAIN, and username, to prevent spam
harvesters grabbing a real mail address)

I can provide more info if required.

Hi René,

Thanks for the report.  Since I have only seen the domain used in spam
once on 2010-10-31, I have removed the domain from the SpamDomains
signature databases.

Thanks.

Since the "domain" is really an ISP which has a big number of clients
(and I mean big), and doesn't usually give control over reverse DNS
resolution, does it make sense adding it in the first place?

In other words, you are not blocking one computer sending spam, you are
blocking many computers, managed by completely different businesses.  I
know the lack of a real reverse DNS is the root of the problem.  I also
know there is no easy way to know who they are; I do because I live in
México, and have dealt with them many times.

The SpamDomains signature databases are automatically updated every hour without any human intervention. Although there are many spam verification tests run on each domain before it actually gets added to the SpamDomains signature database, occasionally one gets added that should not be included.

To try and prevent this from happening, I maintain a domain whitelist that currently contains 50354 domains. Based on your recommendation, I have added this domain to the whitelist file so that it cannot inadvertently be re-added to the SpamDomains signature databases.

Regards,

Bill
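The false positive discussed in this thread comes from a domain-based signature matching the reverse-DNS name in a Received: header, where that name belongs to a large ISP rather than to the sender. The following Python, added here as an illustration and not code from Sanesecurity or from anyone in the thread, shows the two defensive controls the exchange points to: a domain whitelist that overrides a domain hit, and an exemption for submissions the receiving MTA marked as authenticated. The Received header is the one quoted above (with the DOMAIN/USER placeholders kept); the `WHITELIST` set, the `registrable_domain` suffix heuristic and the result labels are assumptions made for this example, not the real SpamDomains format or logic.

```python
import re

# Constructed sample: the Received: header quoted in the thread, with the
# poster's DOMAIN/USER placeholders left in place.
SAMPLE_RECEIVED = (
    "Received: from [192.168.1.101] "
    "(customer-189-254-221-51-sta.uninet-ide.com.mx [189.254.221.51] (may be forged)) "
    "(authenticated bits=0) "
    "by mail.DOMAIN.com.mx (8.14.4/8.14.4) with ESMTP id oA5G8WdM010436 "
    "for <USER@DOMAIN.com.mx>; Fri, 5 Nov 2010 10:08:40 -0600 (CST)"
)

# Hypothetical whitelist, modelled on the ISP domain whitelisted in the thread.
WHITELIST = {"uninet-ide.com.mx"}

# sendmail-style "(hostname [ip] ...)" and "(authenticated ...)" clauses.
RDNS_RE = re.compile(r"\(([A-Za-z0-9.-]+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"\(authenticated\b")

# Two-label public suffixes such as .com.mx; a toy stand-in for a real
# public-suffix list.
SECOND_LEVEL_SUFFIX_LABELS = {"com", "net", "org", "edu", "gov"}


def parse_received(header):
    """Return (rdns_name, ip, authenticated) from a Received: header, or None."""
    m = RDNS_RE.search(header)
    if not m:
        return None
    return m.group(1).lower(), m.group(2), bool(AUTH_RE.search(header))


def registrable_domain(hostname):
    """Reduce a reverse-DNS hostname to its registrable domain (heuristic).

    customer-...-sta.uninet-ide.com.mx -> uninet-ide.com.mx
    mail.example.com                   -> example.com
    """
    labels = hostname.lower().split(".")
    if len(labels) < 2:
        return hostname.lower()
    if (len(labels) >= 3 and len(labels[-1]) == 2
            and labels[-2] in SECOND_LEVEL_SUFFIX_LABELS):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_domain_signature(header, spam_domains, whitelist, exempt_authenticated=True):
    """Decide what a domain signature should do with one Received: header.

    Returns "pass" (no domain hit), "block" (hit, no exemption), or an
    "allow:<reason>" string naming the control that overrode the hit.
    """
    parsed = parse_received(header)
    if parsed is None:
        return "pass"
    rdns, _ip, authenticated = parsed
    domain = registrable_domain(rdns)
    if domain not in spam_domains:
        return "pass"
    # Whitelist wins over any signature hit, as in the thread's fix.
    if domain in whitelist:
        return "allow:whitelisted"
    # A submission the local MTA authenticated is not a random ISP client.
    if exempt_authenticated and authenticated:
        return "allow:authenticated"
    return "block"


if __name__ == "__main__":
    spam = {"uninet-ide.com.mx"}
    # The false positive: generic ISP rDNS blocks an authenticated user.
    print(check_domain_signature(SAMPLE_RECEIVED, spam, set(), exempt_authenticated=False))
    # Authenticated exemption alone:
    print(check_domain_signature(SAMPLE_RECEIVED, spam, set()))
    # Whitelist alone:
    print(check_domain_signature(SAMPLE_RECEIVED, spam, WHITELIST, exempt_authenticated=False))
```

Run on the sample header, the three calls print `block`, `allow:authenticated` and `allow:whitelisted`, which is the sequence of the thread: the signature fires on the ISP's reverse-DNS domain, and either control stops it from blocking a legitimate authenticated user. The suffix heuristic is deliberately small; a production filter should use a maintained public-suffix list so that ISP and hosting domains that serve many unrelated customers are reduced correctly before any blocklist lookup.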
