[Postfixbuch-users] OT: wie diesen Spam blockieren

Uwe Driessen driessen at fblan.de
Mi Mär 17 13:42:19 CET 2010 

On Behalf Of Jörg Reißlein
> 
> Hallo Liste,
> 
> sorry für OT, vielleicht kann mir hier jemand helfen.
> Unser eigentlich recht zuverlässiges Filterkombinat aus
> SpamAssassin/ClamAV/Amavisd-new
> hält offensichtlich maschinell ins Deutsche übersetzte Versionen der
> Nigeria-Connection
> Mails für legitim. Der Score ist sogar negativ.
> 
> Hier mal eine Beispielmail mit Header:
> 
> ----------------------------------------------------------------------------
> -----------------
> 
> Received: from n71.bullet.mail.sp1.yahoo.com (n71.bullet.mail.sp1.yahoo.com
> [98.136.44.36])
> 	by xxx () with SMTP id 5FEE31D0294
> 	for <xxx>; Tue, 16 Mar 2010 16:58:43 +0100 (CET)
> Received: from [216.252.122.218] by n71.bullet.mail.sp1.yahoo.com with
> NNFMP; 16 Mar 2010 15:58:41 -0000
> Received: from localhost (localhost [127.0.0.1])
> 	by xxx () with ESMTP id 88FC11D03E4
> 	for <xxx>; Tue, 16 Mar 2010 16:58:51 +0100 (CET)
> Received: from mail.schmitt-aufzuege.de ([127.0.0.1])
> 	by localhost (xxx [127.0.0.1]) (amavisd-new, port 10024)
> 	with ESMTP id dMCrlW4LkRhB
> 	for <xxx>;
> 	Tue, 16 Mar 2010 16:58:45 +0100 (CET)
> Received: from [74.6.115.238] by t3.bullet.sp1.yahoo.com with NNFMP; 16 Mar
> 2010 15:58:41 -0000
> Received: (qmail 75412 invoked by uid 60001); 16 Mar 2010 15:58:41 -0000
> Received: from [41.205.166.241] by web1115.biz.mail.sk1.yahoo.com via HTTP;
> Tue, 16 Mar 2010 08:58:41 PDT
> Received: from [74.6.115.188] by t1.bullet.mail.sk1.yahoo.com with NNFMP; 16
> Mar 2010 15:58:41 -0000
> Received: from [127.0.0.1] by omp105.mail.sk1.yahoo.com with NNFMP; 16 Mar
> 2010 15:58:41 -0000
> Received: from localhost (localhost [127.0.0.1])
> 	by xxx () with ESMTP id E3AC31D03FA
> 	for <xxx>; Tue, 16 Mar 2010 16:58:52 +0100 (CET)
> Received: from xxx ([unix socket])
> 	by mail () with LMTP; Tue, 16 Mar 2010 16:58:53 +0100
> Received: from xxx ([127.0.0.1])
> 	by localhost (xxx [127.0.0.1]) (amavisd-new, port 10024)
> 	with ESMTP id 68fk58SiCHwH for <xxx>;
> 	Tue, 16 Mar 2010 16:58:52 +0100 (CET)
> Received: from xxx ([unix socket])
> 	by mail () with LMTP; Tue, 16 Mar 2010 16:58:51 +0100
> Received: by xxx (from userid 96)
> 	id 4F16B1D03E9; Tue, 16 Mar 2010 16:58:51 +0100 (CET)
> Return-Path: <davgreen at contactdepartment.biz>
> Reply-To: <drdavidgreen44 at yahoo.co.uk>
> From: "NATWEST BANK LONDON" <davgreen at contactdepartment.biz>
 

Setz in Amavis mal den $sa_tag_level_deflt auf -100 und schau dir an was da den niedrigen
Score verursacht.

Sanesecuritys eingebunden? 

In Postfix client_check = yahoo.com = reject *gg

Mit freundlichen Grüßen

Drießen

-- 
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: +49 06708 / 660045   Fax: +49 06708 / 661397

Mehr Informationen über die Mailingliste Postfixbuch-users