Greetings!
As anyone who manages an email service, I struggle against spammers. Since I started to use hMailServer, this task became much easier. Among the options I have tried, the amount of resources embedded on hMailServer to help decide if a message is legitimate has no match. However, when external information is needed, I found no suitable DNSBL to fulfil all subtlety hMailServer can provide. Most DNSBL only give a yes or no answer for a given IP. Moreover, one may need to cash negative DNS results in order to reduce bandwidth with DNSBL servers.
With those drawback in mind, two years ago I decided to build my own DNSBL from scratch. It has 7 levels of classification and always give a positive response.
Despite the fact it is still beta, I decided to open it to the public. So I am inviting those who wish to try it. More information on how to access the service is available at www.spamdonkey.com.
I hope you find it useful.
Eduardo
New DNSBL designed for hMailServer
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
Love the name. How do you obtain IPs to score?
I just put it first in line of filters, but to send me a notification of what gets hit (not to reject - yet). Let's see how it works!
I just put it first in line of filters, but to send me a notification of what gets hit (not to reject - yet). Let's see how it works!
Re: New DNSBL designed for hMailServer
I am a bit anxious to use it, as my own home private IP Address, whilst not on any blacklist, is listed as Level 5 in SpamDonkey 
Wonder how this is scored?
Wonder how this is scored?
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
Re: New DNSBL designed for hMailServer
Me too. So far all my hits have mirrored spamassassin.
Re: New DNSBL designed for hMailServer
If anyone likes to give it a go from within SpamAssassin (i kept the scores very low, for testing purposes)
21_spamdonkey.cf
21_spamdonkey.cf
Code: Select all
ifplugin Mail::SpamAssassin::Plugin::DNSEval
# SpamDonkey
header __RCVD_IN_SPAMDONKEY eval:check_rbl('spamdonkey-lastexternal','dnsbl.spamdonkey.com.')
describe __RCVD_IN_SPAMDONKEY Sender listed in SpamDonkey
tflags __RCVD_IN_SPAMDONKEY net
reuse __RCVD_IN_SPAMDONKEY
# SpamDonkey Whitelist level
# The IP belongs to a serious and recognised email service which provides person to person communication and do not allow mass mailing through its servers.
header RCVD_IN_SPAMDONKEY_WL eval:check_rbl_sub('spamdonkey-lastexternal', '126.0.0.0')
describe RCVD_IN_SPAMDONKEY_WL Sender listed in SpamDonkey Whitelist level
tflags RCVD_IN_SPAMDONKEY_WL nice net
reuse RCVD_IN_SPAMDONKEY_WL
score RCVD_IN_SPAMDONKEY_WL 0 -1.0 0 -1.0 # please adjust the score value
# SpamDonkey Clean level
# It means either there is no data about it or it belongs to someone who does not send mass mailing.
header RCVD_IN_SPAMDONKEY_CL eval:check_rbl_sub('spamdonkey-lastexternal', '127.0.0.0')
describe RCVD_IN_SPAMDONKEY_CL Sender listed in SpamDonkey Clean level
tflags RCVD_IN_SPAMDONKEY_CL nice net
reuse RCVD_IN_SPAMDONKEY_CL
score RCVD_IN_SPAMDONKEY_CL 0 -0.1 0 -0.1 # please adjust the score value
# SpamDonkey Level 1
# There was some report of unsolicited mail coming from this IP, but it should be safe to deliver its messages.
# The IP has not a spotless reputation, however, there is not enough evidence to classify it as a spammer
header RCVD_IN_SPAMDONKEY_L1 eval:check_rbl_sub('spamdonkey-lastexternal', '127.0.0.1')
describe RCVD_IN_SPAMDONKEY_L1 Sender listed in SpamDonkey Level-1
tflags RCVD_IN_SPAMDONKEY_L1 net
reuse RCVD_IN_SPAMDONKEY_L1
score RCVD_IN_SPAMDONKEY_L1 0 0.1 0 0.1 # please adjust the score value
# SpamDonkey Level 2
# The IP belongs to a service which sends legitimate mass emails and take care about spammers operating on their servers.
# Their clients are asked to use their own lists of emails and the service does care about how those addresses have been obtained.
# Some unsolicited mail may come from this source, but not as a rule and its messages cannot be classified as spam by this criteria alone.
# Social media email falls under this classification to.
header RCVD_IN_SPAMDONKEY_L2 eval:check_rbl_sub('spamdonkey-lastexternal', '127.0.0.2')
describe RCVD_IN_SPAMDONKEY_L2 Sender listed in SpamDonkey Level-2
tflags RCVD_IN_SPAMDONKEY_L2 net
reuse RCVD_IN_SPAMDONKEY_L2
score RCVD_IN_SPAMDONKEY_L2 0 0.25 0 0.25 # please adjust the score value
# SpamDonkey Level 3
# The IP belongs to a email marketing service that sends both solicited and unsolicited advertisement.
# It is a threshold for spam. You must decide what to do with this level, but we recommend send it to the spam folder
header RCVD_IN_SPAMDONKEY_L3 eval:check_rbl_sub('spamdonkey-lastexternal', '127.0.0.3')
describe RCVD_IN_SPAMDONKEY_L3 Sender listed in SpamDonkey Level-3
tflags RCVD_IN_SPAMDONKEY_L3 net
reuse RCVD_IN_SPAMDONKEY_L3
score RCVD_IN_SPAMDONKEY_L3 0 0.5 0 0.5 # please adjust the score value
# SpamDonkey Level 4
# The IP belongs to a mass email service that send mostly unsolicited advertisement.
# Messages coming from it should go to spam folder.
header RCVD_IN_SPAMDONKEY_L4 eval:check_rbl_sub('spamdonkey-lastexternal', '127.0.0.4')
describe RCVD_IN_SPAMDONKEY_L4 Sender listed in SpamDonkey Level-4
tflags RCVD_IN_SPAMDONKEY_L4 net
reuse RCVD_IN_SPAMDONKEY_L4
score RCVD_IN_SPAMDONKEY_L4 0 1.0 0 1.0 # please adjust the score value
# SpamDonkey Level 5
# This is not a legitimate service and anything coming from this IP should be discarded without concern.
header RCVD_IN_SPAMDONKEY_L5 eval:check_rbl_sub('spamdonkey-lastexternal', '127.0.0.5')
describe RCVD_IN_SPAMDONKEY_L5 Sender listed in SpamDonkey Level-5
tflags RCVD_IN_SPAMDONKEY_L5 net
reuse RCVD_IN_SPAMDONKEY_L5
score RCVD_IN_SPAMDONKEY_L5 0 1.1 0 1.1 # please adjust the score value
endif
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
Re: New DNSBL designed for hMailServer
I moved SpamDonkey check to last in line of connection filters in OnHELO in EventHandlers.vbs to see if it picks up anything unique that wasn't already on spamhaus. So far i have one hit for 195.28.201.78 which is clean on spamhaus. I tested the IP using the smtp dialogue on mxtoolbox.com which reports it as being a possible open relay.
I think that's a good sign there is original content.
195.28.201.78 was listed on the following blacklists according to mxtoolbox.com:
BARRACUDA, Hostkarma Black, ivmSIP, LASHBACK
Edit - after banning to the firewall, 195.28.201.78 attempted to connect again 72 times so far according to the firewall log. Au revoir, les spammeurs de relay ouvrir!
http://hmsfirewallbandemo.ddns.net/sear ... SpamDonkey
I think that's a good sign there is original content.
195.28.201.78 was listed on the following blacklists according to mxtoolbox.com:
BARRACUDA, Hostkarma Black, ivmSIP, LASHBACK
Edit - after banning to the firewall, 195.28.201.78 attempted to connect again 72 times so far according to the firewall log. Au revoir, les spammeurs de relay ouvrir!
http://hmsfirewallbandemo.ddns.net/sear ... SpamDonkey
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
All home IPs are automatically blocked by SpamDonkey. During the development of the service I notice that most email containing viruses or phishing messages were sent from domestic connections. Serious ISPs block port 25 to home users.
Eduardo
Re: New DNSBL designed for hMailServer
That is weird and a bit harsh because not all home IP's are spammers, I pay my ISP quitte a bit to have a static home IP and to be allowed to run my own mailserver.EduardoFoltran wrote: ↑2019-07-19 11:22All home IPs are automatically blocked by SpamDonkey. During the development of the service I notice that most email containing viruses or phishing messages were sent from domestic connections. Serious ISPs block port 25 to home users.
Eduardo
As SpamDonkey scores me with the highest possible ranking i think it is useless for me... spamhaus at least has an option to get home IP's running servers off their PBL
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
As anyone, I have spamtraps. Other than that, I collect intelligence about the IP. I check the PTR record, look if it matches with DNS record, check for SPF record, check WHOIS to see how old the domain is, check for key words on the domain, check if there is a website on that domain and what it does, etc. It is a long list of criteria I developed during the last 2 years. Moreover, the queries my algorithm can’t handle are saved for manual verification.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
I aim for the PTR record to identify a home connections. You will not be blocked if your PTR record matches your DNS. But if you are using your IPS PTR as your server name, I am sorry but you will be blocked.RvdH wrote: ↑2019-07-19 11:36That is weird and a bit harsh because not all home IP's are spammers, I pay my ISP quitte a bit to have a static home IP and to be allowed to run my own mailserver.
As SpamDonkey scores me with the highest possible ranking i think it is useless for me... spamhaus at least has an option to get home IP's running servers off their PBL
Tell me your IP address. I will check it manually and tell why it was blocked.
Re: New DNSBL designed for hMailServer
EDIT ... I am aparently way too slow writing stuff here 
Perhaps the fact that I have a different rDNS (my domain) from all the rest of the subscriber base ?
Anyways, I have a "yellow" status on SORBS (127.0.0.10). I once tried to delist myself from their DUHL.
http://multirbl.valli.org/
Interesting ... I have the same type of home xDSL subscriber with static IP and custom rDNS.RvdH wrote: ↑2019-07-19 11:36That is weird and a bit harsh because not all home IP's are spammers, I pay my ISP quitte a bit to have a static home IP and to be allowed to run my own mailserver.
As SpamDonkey scores me with the highest possible ranking i think it is useless for me... spamhaus at least has an option to get home IP's running servers off their PBL
Code: Select all
C:\WINDOWS>nslookup (x).72.51.87.dnsbl.spamdonkey.com
Server: bigbrother.acme.inc
Address: 192.168.0.50
Non-authoritative answer:
Name: (x).72.51.87.dnsbl.spamdonkey.com
Address: 127.0.0.1
Code: Select all
C:\WINDOWS>nslookup (x+1).72.51.87.dnsbl.spamdonkey.com
Server: bigbrother.acme.inc
Address: 192.168.0.50
Non-authoritative answer:
Name: (x+1).72.51.87.dnsbl.spamdonkey.com
Address: 127.0.0.5
Code: Select all
C:\WINDOWS>nslookup 87.51.72.(x+1)
Server: bigbrother.acme.inc
Address: 192.168.0.50
Name: 87-51-72-(x+1)-static.dk.customer.tdc.net
Address: 87.51.72.(x+1)
http://multirbl.valli.org/
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
That should be the case then i think, my server sended EHLO/HELO matches my (ISP) PTR though (check my signature to get my real IPEduardoFoltran wrote: ↑2019-07-19 12:44I aim for the PTR record to identify a home connections. You will not be blocked if your PTR record matches your DNS. But if you are using your IPS PTR as your server name, I am sorry but you will be blocked.RvdH wrote: ↑2019-07-19 11:36That is weird and a bit harsh because not all home IP's are spammers, I pay my ISP quitte a bit to have a static home IP and to be allowed to run my own mailserver.
As SpamDonkey scores me with the highest possible ranking i think it is useless for me... spamhaus at least has an option to get home IP's running servers off their PBL
Tell me your IP address. I will check it manually and tell why it was blocked.
)MultiRBL.valli.org FCrDNS Test
Code: Select all
rDNS for IP 62.xxx.46.221
xxx.speed.planet.nl
OK
IP Addresses (A or AAAA records) for xxx.speed.planet.nl
62.XXX.46.221
OK
At least one IP address of the DNS lookup for xxx.speed.planet.nl matches the original IP
OK
Do you take the domain & tld part from the received e-mail FROM header? Next lookup the A-record for that domain and then check if the PTR-records contains the domain name from the FROM header?
Wow, that i pretty strict...
Maybe you add an additional check if the Received header contains the PTR...and score lower if it does
This makes it little less strict but could be a nice addition for people like me bound to use ISP PTR
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
Re: New DNSBL designed for hMailServer
It's all in the DNS, A-record must match PTR ... FCrDNS ...
Your HELO/EHLO greeting must be a FQDN that resolve via the MX record to your receiving domain - but that is for totally different reasons than the RBL.
Your HELO/EHLO greeting must be a FQDN that resolve via the MX record to your receiving domain - but that is for totally different reasons than the RBL.
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
I don’t have access to what the client said on the EHLO or HELO, neither to the message itself. The only thing I have is the IP and a database with thousands of IPSs PTRs. If your PTR matches any of the of the PTRs on the database, the IP will be listed. This is only one of the criteria, but, as a rule of thumb, if your IP address appears on the PTR, you get at least level 3.
You should ask you IPS to change the PTR to a proper domain of yours with a matching DNS.
Re: New DNSBL designed for hMailServer
They won't...they only allow/do this for business accountsEduardoFoltran wrote: ↑2019-07-19 17:22You should ask you IPS to change the PTR to a proper domain of yours with a matching DNS.
SpamDonkey is pretty much worthless this way, as i get a maximum score off 5 (why 5 and not 3?)
...think i'll trash it right away
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
Re: New DNSBL designed for hMailServer
Exactly what are the scoring criteria?EduardoFoltran wrote: ↑2019-07-19 17:22I don’t have access to what the client said on the EHLO or HELO, neither to the message itself. The only thing I have is the IP and a database with thousands of IPSs PTRs. If your PTR matches any of the of the PTRs on the database, the IP will be listed. This is only one of the criteria, but, as a rule of thumb, if your IP address appears on the PTR, you get at least level 3.
You should ask you IPS to change the PTR to a proper domain of yours with a matching DNS.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
I believe is better to be safe than sorry. The vast majority of emails on my spam trap with ransomware, phishing and scams come from home computers infected with all sorts of malware. Here in Brazil most IPS block port 25 on domestic connections for that same reason. If you are trying to run a legitimate SMTP server from your home, at least get an IPS that provides you with a proper PTR or get a business connection, otherwise there is no way to differentiate you from a malware.
For those who wish to try SpamDonkey on hMailServer, this is the antispam configuration I am using. I also lowered the SpamAssassin spam threshold to 3.
Code: Select all
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: True
Add X-HmailServer-Spam: True Check HELO host: True - 2 Hostname: 127.0.0.1
Add X-HmailServer-Reason: True Check MX records: True - 2 Port: 783
Add X-HmailServer-Subject: False Verify DKIM: True - 2 Use SA score: True
Spam delete threshold: 15 Maximum message size: 1024
DNSBL ENTRIES:
dnsbl.spamdonkey.com Score: 1 Result: 127.0.0.1
dnsbl.spamdonkey.com Score: 2 Result: 127.0.0.2
dnsbl.spamdonkey.com Score: 5 Result: 127.0.0.3
dnsbl.spamdonkey.com Score: 10 Result: 127.0.0.4
dnsbl.spamdonkey.com Score: 15 Result: 127.0.0.5
SURBL ENTRIES:
multi.surbl.org Score: 6
GREYLISTING:
Greylisting: True Defer mins: 5 Days Unused: 1 Days Used: 36
Bypass SPF: True Bypass A/MX: Falso
Greylist WHITELIST ENTRIES:
No entries
Re: New DNSBL designed for hMailServer
Every other DNSBL canEduardoFoltran wrote: ↑2019-07-19 19:09I believe is better to be safe than sorry. The vast majority of emails on my spam trap with ransomware, phishing and scams come from home computers infected with all sorts of malware. Here in Brazil most IPS block port 25 on domestic connections for that same reason. If you are trying to run a legitimate SMTP server from your home, at least get an IPS that provides you with a proper PTR or get a business connection, otherwise there is no way to differentiate you from a malware.
I can live with the fact that my IP scored a Level 3 value, but the maximum of Level 5 without ever sending out a single spam mail just ain't right
My ISP used to block port 25 as well, but no longer... guess it has something to do with all those IOT devices in almost every household nowadays
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
I still have this set up last in line of filters to notify me of SpamDonkey level 5 hits (without any action). It hit on a message from my domain provider, who is certainly reputable and not a spammer. A few other hits were questionable too, although I did not do any research into them. Not to mention RvdH's situation.EduardoFoltran wrote: ↑2019-07-19 20:09IoT devices should communicate via MQTT, not SMTP on port 25.
Would you please explain ALL of your listing criteria for each level? It does not appear to be available on your website. The only one we know of is if rDNS fails it goes straight to level 5.
Level 4 is REJECT MESSAGE. Level 5 is REJECT CONNECTION. Neither the message I received from my domain provider nor their mail server should fit either of those levels, yet it hit on level 5. I think your listing criteria is far too aggressive for the levels you defined. If you want people to use it - and ESPECIALLY if you want people to pay for it - you need to build trust in your userbase, which so far you have failed.127.0.0.4 - Level 4 - The IP belongs to a mass email service that send mostly unsolicited advertisement. Messages coming from it should go to spam folder.
127.0.0.5 - Level 5 - This is not a legitimate service and anything coming from this IP should be discarded without concern.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
I can’t tell you ALL my listing criteria. Most of them are fails I identified on the way spammers behave and if I make it public they certainly will avoid such practices.
As I said I have been working on this project for the last two years and I am sure there is still work to be done. The main reason I posted the service here is to have feedback such as RvdH’s and yours.
Please, tell me in private what is your domain provider and I will check what happend.
Re: New DNSBL designed for hMailServer
SpamDonkey hit: 207.38.69.194 - mail.dynu.com - United States at 2019-07-20 07:32:02.299 Zulu.EduardoFoltran wrote: ↑2019-07-20 15:07I can’t tell you ALL my listing criteria. Most of them are fails I identified on the way spammers behave and if I make it public they certainly will avoid such practices.
As I said I have been working on this project for the last two years and I am sure there is still work to be done. The main reason I posted the service here is to have feedback such as RvdH’s and yours.
Please, tell me in private what is your domain provider and I will check what happend.
Time included is USA EDT (New York)
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
Yep. It is dynamic IP domain provider. I have 30 IPs listed under this domain and all have also hits on my spam traps.
I cleaned their servers listed on the SPF record, but any server you have sitting on a dynamic IP will be blocked because this is something a spammer does.
A spammer will never put too much money on their scams. So, if want one of my criteria, it is money. Domains that are granted for free will be blocked.
On the other hand, if you have their paid service, with a proper domain of your own, you will be clean even on a dynamic IP. Unless you are unlucky enough to get a already listed IP on your next change. But it is true also to SpamHaus and Barracuda.
Re: New DNSBL designed for hMailServer
Dynamic IPs don't get listed on spamhaus unless it's associated with spam. Except of course on the PBL, but that is a different return code which mail administrators can choose to use or not.EduardoFoltran wrote: ↑2019-07-20 15:55Yep. It is dynamic IP domain provider. I have 30 IPs listed under this domain and all have also hits on my spam traps.
I cleaned their servers listed on the SPF record, but any server you have sitting on a dynamic IP will be blocked because this is something a spammer does.
A spammer will never put too much money on their scams. So, if want one of my criteria, it is money. Domains that are granted for free will be blocked.
On the other hand, if you have their paid service, with a proper domain of your own, you will be clean even on a dynamic IP. Unless you are unlucky enough to get a already listed IP on your next change. But it is true also to SpamHaus and Barracuda.
Your setup is based on a gradation of escalating rules. If you policy block at any level, i don't have the choice to turn that off. And that is why RvdH was blocked. His ip should never be listed in a REJECT CONNECTION level unless you have absolute proof that he is sending spam.
Level 5 should be equivalent to spamhaus snowshoe or UCE protect level 1. You should never include policy blocks in a REJECT CONNECTION level. Especially when there is something wrong with the rules that causes legitimate non-spammer, non-dynamic ip servers to be rejected.
If you still plan to use a gradation of rule sets, you need to make damned sure the highest level contains ONLY IPs known to have sent spam. In other words, listed IPs should actually match the level description on your website.
As it is i can't even use this for scoring, much less rejection.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
Well, you have a point there! I am not SpamHaus. SpamHaus is too soft and that is the reason I build SpamDonkey. If SpamHaus or Barracuda were efficient enough to block what I needed to be blocked, I would never spent two years of my life creating this algorithm.
SpamDonkey is harsh by design. It is intended to identify legitimate sourcers of personal messages and reject all the rest. If one is toying with a SMTP server built with a RaspBerry Pi and a cell phone it would not expect to be listed as “Clean” on SpamDonkey.
My setup is a suggestion. It is how I use the service I created and you are in no way obligated to agree with me. If you think my level 5 is not worth of rejection, don’t do it! You are the lord and master of your server.palinka wrote: ↑2019-07-20 16:21Your setup is based on a gradation of escalating rules. If you policy block at any level, i don't have the choice to turn that off. And that is why RvdH was blocked. His ip should never be listed in a REJECT CONNECTION level unless you have absolute proof that he is sending spam.
SpamDonkey is intended as a DNSBL for people who want do make business with emails. My levels are referred to “services”. Not people, services. It means I expect to find a company behind that IP address. If RvdH were using a proper business connection instead of a domestic one, his server would be clean from the beginning. So, if one is using dynamic IPs, domestic connections, domains that are granted for free, with no proper PTR and DNS settings, so I give it a rejection.palinka wrote: ↑2019-07-20 16:21Level 5 should be equivalent to spamhaus snowshoe or UCE protect level 1. You should never include policy blocks in a REJECT CONNECTION level. Especially when there is something wrong with the rules that causes legitimate non-spammer, non-dynamic ip servers to be rejected.
You may disagree with my criteria. You may conclude that SpamDonkey is not for you. However, I have 3 companies (not individuals, companies) and one ISP using SpamDonkey with good results, and that is encouraging.
Take care!
Eduardo
Re: New DNSBL designed for hMailServer
Well, I hope I never have to send mail to any of those companies.EduardoFoltran wrote: ↑2019-07-20 17:40You may disagree with my criteria. You may conclude that SpamDonkey is not for you. However, I have 3 companies (not individuals, companies) and one ISP using SpamDonkey with good results, and that is encouraging.
Take care!
Eduardo
Code: Select all
C:\Users\User>nslookup 14.43.228.66.dnsbl.spamdonkey.com
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
DNS request timed out.
timeout was 2 seconds.
Name: 14.43.228.66.dnsbl.spamdonkey.com
Address: 127.0.0.5Good luck with your project. Too many false positives for me to use.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
I recommend you to find a better relay service. The PTR of the IP 66.228.43.14 resolves to li324-14.members.linode.com, with has no connection with SMTP2GO. This IP is not even listed on the linode.com SPF record, which ends with a -all statement. That means this server, according to Linode’s policy, is not supposed to send emails.
Well, it is working as I designed it to do. If people don't care about properly configure email servers, that is not of my concern. The only way to stop spam from propagate so easily is to be harsh on those who could do a better job but are too reckless about it. If Linode says to me such server is not supposed to send emails, who should I listen to? You? SMTP2GO? I prefer listen to Linode and you should demand your relay service to do a better job instead of hit on me for pointing out that there is a problem there.
I rest my case.
Re: New DNSBL designed for hMailServer
My apologies. It appears I used the wrong IP address. 
a1i600.smtp2go.com 43.228.186.88 is one of their relay IPs.
Name: 88.186.228.43.dnsbl.spamdonkey.com
Address: 127.0.0.2
Still too many false positives for me. Good luck.
a1i600.smtp2go.com 43.228.186.88 is one of their relay IPs.
Name: 88.186.228.43.dnsbl.spamdonkey.com
Address: 127.0.0.2
Still too many false positives for me. Good luck.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
This is not a false positive. SMTP2GO sends messages for third parts. It has the same level of MailChimp, MailGun and others of this kind.
127.0.0.2 - Level 2 - The IP belongs to a service which sends legitimate mass emails and take care about spammers operating on their servers. Their clients are asked to use their own lists of emails and the service does care about how those addresses have been obtained. Some unsolicited mail may come from this source, but not as a rule and its messages cannot be classified as spam by this criteria alone. Social media email falls under this classification to.
Re: New DNSBL designed for hMailServer
I know that particular example is not a false positive. In general there are too many false positives, such as my dynu example and RvdH's listing. And i know you're arguing that RvdH is not a false positive, but only in the narrowest sense according to your ruleset. If it flags a non spamming IP, the rest of the email world would consider that a false positive.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
I know personally four more people who disagree with you. They are my users. What you call a false positive I call an early detection of a threat. If someone is sending emails using the same tools as spammers do, such as domestic connections and dynamic domain names, they are not to be taken seriously. Moreover, the case of dynu.com only shows how efficient my algorithm is in detecting dynamic IP domain providers.
This approach of wait someone start to sending spam before taking action does not work anymore. Spam traps are not fast enough and with services like ZeroBounce around, they are no longer efficient. I can understand most Europeans will disagree. They must wait someone kills Charlie Hebdo’s entire crew first and only then ask why are those people carrying machine guns. Well, I don’t.
I am not going to stop you to continue toying with email and SMTP servers. Go ahead and have fun! But do not expect me to consider such configuration a serious solution for a business proposition.
This approach of wait someone start to sending spam before taking action does not work anymore. Spam traps are not fast enough and with services like ZeroBounce around, they are no longer efficient. I can understand most Europeans will disagree. They must wait someone kills Charlie Hebdo’s entire crew first and only then ask why are those people carrying machine guns. Well, I don’t.
I am not going to stop you to continue toying with email and SMTP servers. Go ahead and have fun! But do not expect me to consider such configuration a serious solution for a business proposition.
Re: New DNSBL designed for hMailServer
Logged almost 24 hours. I have a private domain with 5 users and a quest together with NameCheap to eradicate .icu SPAM. So far we have chased them to Turkey where they stopped sending from .icu domains and is using a common domain with a full 255 IP Address allocation.
So far we have closed 1000+ domains and I will be sending a new batch of 192 domains shortly to be closed. For each domain we close they open a new but they still have to pay for the new domains
FYI. forum posts are limited to 60,000 characters.
There are a number of "Level 1" connections that I regard as SPAM from experience as do other RBL's and I see some "N/A"s where SpamDonkey did not return a value.
Anyways, some explanation:
Normal email received.
IP connect, IDS Add = OnClientConnect, IDS Delete = OnAcceptMessage.
"IDS BAN" means to many connects and no actual mail received (IDS Add with no immediate following IDS Delete). Limit is 3 connects in 180 minutes and no mail = BAN. Handler is run every 1 minute so sometimes additional concurrent connects are registered before the BAN is in place.
"DISCONNECT" means a forced dropped connection, no status code sent, no message sent. Usually the result of a BAN.
"GEOBlock" means someone outside The Danish Realm is trying to log on either IMAPS or SMTPS. Result is a BAN.
Normal email received via Backup-MX
Mail from banned sender via Backup-MX = Mail is rejected.
"isBanned", IP Address, Banned IP Address, HELO/EHLO greeting.
So far we have closed 1000+ domains and I will be sending a new batch of 192 domains shortly to be closed. For each domain we close they open a new
but they still have to pay for the new domains FYI. forum posts are limited to 60,000 characters.
There are a number of "Level 1" connections that I regard as SPAM from experience as do other RBL's and I see some "N/A"s where SpamDonkey did not return a value.
Anyways, some explanation:
Normal email received.
IP connect, IDS Add = OnClientConnect, IDS Delete = OnAcceptMessage.
Code: Select all
"--- Connect --- 45.65.125.243 25 - Level 1 rDNS"
"IDS Add 45.65.125.243"
"IDS Delete 45.65.125.243"
"DISCONNECT" means a forced dropped connection, no status code sent, no message sent. Usually the result of a BAN.
"GEOBlock" means someone outside The Danish Realm is trying to log on either IMAPS or SMTPS. Result is a BAN.
Normal email received via Backup-MX
Code: Select all
"--- Connect --- 80.160.77.99 25 - Clean level backup-mx1.post.tele.dk"
"IDS Add 80.160.77.99"
"WList HELO 80.160.77.99 backup-mx.post.tele.dk"
"IDS Delete 80.160.77.99"
"isBanned", IP Address, Banned IP Address, HELO/EHLO greeting.
Code: Select all
"--- Connect --- 80.160.77.99 25 - Clean level backup-mx1.post.tele.dk"
"IDS Add 80.160.77.99"
"WList HELO 80.160.77.99 backup-mx.post.tele.dk"
"IDS Delete 80.160.77.99"
"isBanned 80.160.77.99 193.31.119.133 storageindulge.icu"
Code: Select all
3872 "2019-07-22 16:13:57.628" "--- Connect --- 175.29.177.126 25 - Level 5"
3872 "2019-07-22 16:13:57.628" "IDS Add 175.29.177.126"
3872 "2019-07-22 16:13:57.800" "SnowShoe 175.29.177.126"
1012 "2019-07-22 16:13:59.066" "--- Connect --- 95.79.109.7 25 - Level 5 95x79x109x7.static-business.nn.ertelecom.ru"
1012 "2019-07-22 16:13:59.066" "IDS Add 95.79.109.7"
1012 "2019-07-22 16:13:59.160" "SnowShoe 95.79.109.7"
1012 "2019-07-22 16:14:00.644" "DISCONNECT 95.79.109.7"
3872 "2019-07-22 16:14:00.644" "DISCONNECT 175.29.177.126"
3392 "2019-07-22 16:34:13.621" "--- Connect --- 191.53.52.88 465 - Level 5 191-53-52-88.vze-wr.mastercabo.com.br"
3392 "2019-07-22 16:34:13.683" "GEOBlock 191.53.52.88 SMTPS"
3392 "2019-07-22 16:34:15.167" "DISCONNECT 191.53.52.88"
1012 "2019-07-22 16:39:08.683" "--- Connect --- 45.65.125.243 25 - Level 1 h4yresearch.com"
1012 "2019-07-22 16:39:08.683" "IDS Add 45.65.125.243"
2176 "2019-07-22 16:40:23.804" "IDS Delete 45.65.125.243"
2176 "2019-07-22 16:40:23.820" "SPAM/RBL/SURBL 45.65.125.243 Tagged as Spam by SpamAssassin - (Score: 3)"
1012 "2019-07-22 16:45:04.523" "--- Connect --- 31.131.88.68 25 - Level 4 pigeonbd.com"
1012 "2019-07-22 16:45:04.523" "IDS Add 31.131.88.68"
2176 "2019-07-22 16:46:21.726" "IDS Delete 31.131.88.68"
2176 "2019-07-22 16:46:21.742" "SPAM/RBL/SURBL 31.131.88.68 Tagged as Spam by SpamAssassin - (Score: 7)"
1012 "2019-07-22 16:52:23.628" "--- Connect --- 185.253.60.219 25 - Level 4 mx8.auctionbins.com"
1012 "2019-07-22 16:52:23.644" "IDS Add 185.253.60.219"
2176 "2019-07-22 16:53:39.378" "IDS Delete 185.253.60.219"
2176 "2019-07-22 16:53:39.394" "SPAM/RBL/SURBL 185.253.60.219 Tagged as Spam by SpamAssassin - (Score: 3)"
1012 "2019-07-22 16:56:02.628" "--- Connect --- 5.189.183.138 25 - Level 2 vmi74527.contabo.host"
1012 "2019-07-22 16:56:02.628" "IDS Add 5.189.183.138"
2176 "2019-07-22 16:57:16.707" "IDS Delete 5.189.183.138"
1012 "2019-07-22 17:02:26.421" "--- Connect --- 186.211.248.214 25 - Level 5 186-211-248-214.commcorp.net.br"
1012 "2019-07-22 17:02:26.421" "IDS Add 186.211.248.214"
1012 "2019-07-22 17:02:26.593" "SnowShoe 186.211.248.214"
1012 "2019-07-22 17:02:28.062" "DISCONNECT 186.211.248.214"
3872 "2019-07-22 17:02:30.156" "--- Connect --- 67.198.99.60 25 - Level 5 67-198-99-60.static.grandenetworks.net"
3872 "2019-07-22 17:02:30.156" "IDS Add 67.198.99.60"
3872 "2019-07-22 17:02:30.203" "SnowShoe 67.198.99.60"
3872 "2019-07-22 17:02:31.687" "DISCONNECT 67.198.99.60"
3872 "2019-07-22 17:21:58.382" "--- Connect --- 91.227.208.6 25 - Level 3 rs-6.mta.anpdm.com"
3872 "2019-07-22 17:21:58.382" "IDS Add 91.227.208.6"
3872 "2019-07-22 17:23:13.148" "--- Connect --- 13.111.11.59 25 - Clean level mta3.hulumail.com"
3872 "2019-07-22 17:23:13.148" "IDS Add 13.111.11.59"
2176 "2019-07-22 17:23:14.210" "IDS Delete 91.227.208.6"
3392 "2019-07-22 17:23:57.210" "--- Connect --- 186.232.14.81 465 - Level 5 186-232-14-81.indnet.com.br"
3392 "2019-07-22 17:23:57.273" "GEOBlock 186.232.14.81 SMTPS"
3392 "2019-07-22 17:23:58.757" "DISCONNECT 186.232.14.81"
2176 "2019-07-22 17:24:28.976" "IDS Delete 13.111.11.59"
3872 "2019-07-22 17:30:30.566" "--- Connect --- 128.199.63.243 25 - Level 3"
3872 "2019-07-22 17:30:30.585" "IDS Add 128.199.63.243"
2176 "2019-07-22 17:31:45.644" "IDS Delete 128.199.63.243"
2176 "2019-07-22 17:31:45.660" "SPAM/RBL/SURBL 128.199.63.243 Tagged as Spam by SpamAssassin - (Score: 6)"
3392 "2019-07-22 17:38:12.972" "--- Connect --- 162.243.150.92 465 - Level 3 zg-0403-70.stretchoid.com"
3392 "2019-07-22 17:38:13.035" "GEOBlock 162.243.150.92 SMTPS"
3392 "2019-07-22 17:38:14.519" "DISCONNECT 162.243.150.92"
3392 "2019-07-22 17:45:52.062" "--- Connect --- 168.228.150.96 465 - Level 5"
3392 "2019-07-22 17:45:52.125" "GEOBlock 168.228.150.96 SMTPS"
3392 "2019-07-22 17:45:53.609" "DISCONNECT 168.228.150.96"
3872 "2019-07-22 18:02:20.757" "--- Connect --- 173.212.204.173 25 - Level 4 ping0.clackamasbookkeeping.com"
3872 "2019-07-22 18:02:20.757" "IDS Add 173.212.204.173"
3872 "2019-07-22 18:03:10.539" "--- Connect --- 193.31.119.99 25 - Level 2 hostmaster.netbudur.com"
3872 "2019-07-22 18:03:10.539" "IDS Add 193.31.119.99"
1012 "2019-07-22 18:03:33.289" "Reject HELO 193.31.119.99 usestar.icu"
1012 "2019-07-22 18:03:34.773" "DISCONNECT 193.31.119.99"
2176 "2019-07-22 18:03:36.664" "IDS Delete 173.212.204.173"
2176 "2019-07-22 18:03:36.679" "SPAM/RBL/SURBL 173.212.204.173 RBL - Rejected by Spamhaus - (Score: 5)"
2176 "2019-07-22 18:03:36.679" "SPAM/RBL/SURBL 173.212.204.173 Tagged as Spam by SpamAssassin - (Score: 10)"
3872 "2019-07-22 18:03:37.492" "--- Connect --- 80.160.77.99 25 - Clean level backup-mx1.post.tele.dk"
3872 "2019-07-22 18:03:37.492" "IDS Add 80.160.77.99"
3872 "2019-07-22 18:03:37.523" "WList HELO 80.160.77.99 backup-mx.post.tele.dk"
2176 "2019-07-22 18:03:50.023" "IDS Delete 80.160.77.99"
2176 "2019-07-22 18:03:50.039" "isBanned 80.160.77.99 193.31.119.99 usestar.icu"
3392 "2019-07-22 18:06:45.742" "--- Connect --- 177.87.220.173 465 - Level 5"
3392 "2019-07-22 18:06:45.804" "GEOBlock 177.87.220.173 SMTPS"
3392 "2019-07-22 18:06:47.289" "DISCONNECT 177.87.220.173"
3872 "2019-07-22 18:07:59.476" "--- Connect --- 218.4.239.146 25 - Level 5"
3872 "2019-07-22 18:07:59.476" "IDS Add 218.4.239.146"
3872 "2019-07-22 18:07:59.539" "SnowShoe 218.4.239.146"
3872 "2019-07-22 18:08:01.023" "DISCONNECT 218.4.239.146"
3872 "2019-07-22 18:09:46.632" "--- Connect --- 195.98.77.53 25 - Level 5"
3872 "2019-07-22 18:09:46.632" "IDS Add 195.98.77.53"
3872 "2019-07-22 18:09:46.679" "SnowShoe 195.98.77.53"
3872 "2019-07-22 18:09:48.164" "DISCONNECT 195.98.77.53"
3872 "2019-07-22 18:10:29.554" "--- Connect --- 108.174.3.196 25 - Level 2 maile-ad.linkedin.com"
3872 "2019-07-22 18:10:29.554" "IDS Add 108.174.3.196"
2176 "2019-07-22 18:11:44.835" "IDS Delete 108.174.3.196"
3872 "2019-07-22 18:12:35.992" "--- Connect --- 217.128.99.11 25 - Level 5 lputeaux-657-1-69-11.w217-128.abo.wanadoo.fr"
3872 "2019-07-22 18:12:35.992" "IDS Add 217.128.99.11"
3872 "2019-07-22 18:12:36.085" "SnowShoe 217.128.99.11"
3872 "2019-07-22 18:12:37.570" "DISCONNECT 217.128.99.11"
3872 "2019-07-22 18:15:38.820" "--- Connect --- 82.166.184.188 25 - Level 5"
3872 "2019-07-22 18:15:38.820" "IDS Add 82.166.184.188"
3424 "2019-07-22 18:15:43.507" "--- Connect --- 5.189.183.138 25 - Level 2 vmi74527.contabo.host"
3424 "2019-07-22 18:15:43.507" "IDS Add 5.189.183.138"
2176 "2019-07-22 18:16:57.484" "IDS Delete 5.189.183.138"
3392 "2019-07-22 18:28:42.671" "--- Connect --- 177.23.73.70 465 - Level 5 177-23-73-70.interminas.com.br"
3392 "2019-07-22 18:28:42.734" "GEOBlock 177.23.73.70 SMTPS"
3392 "2019-07-22 18:28:44.218" "DISCONNECT 177.23.73.70"
3424 "2019-07-22 18:36:38.742" "--- Connect --- 204.232.178.184 25 - Clean level web1.valentus.com"
3424 "2019-07-22 18:36:38.742" "IDS Add 204.232.178.184"
2176 "2019-07-22 18:37:53.820" "IDS Delete 204.232.178.184"
3424 "2019-07-22 18:48:58.117" "--- Connect --- 5.189.183.138 25 - Level 2 vmi74527.contabo.host"
3424 "2019-07-22 18:48:58.132" "IDS Add 5.189.183.138"
3392 "2019-07-22 18:49:18.773" "--- Connect --- 193.31.119.100 25 - Level 2 hostmaster.netbudur.com"
3392 "2019-07-22 18:49:18.773" "IDS Add 193.31.119.100"
3424 "2019-07-22 18:49:39.820" "Reject HELO 193.31.119.100 doughnew.icu"
3424 "2019-07-22 18:49:41.320" "DISCONNECT 193.31.119.100"
3392 "2019-07-22 18:49:44.617" "--- Connect --- 80.160.77.115 25 - Clean level backup-mx2.post.tele.dk"
3392 "2019-07-22 18:49:44.632" "IDS Add 80.160.77.115"
3392 "2019-07-22 18:49:44.695" "WList HELO 80.160.77.115 backup-mx.post.tele.dk"
2176 "2019-07-22 18:50:01.726" "IDS Delete 80.160.77.115"
2176 "2019-07-22 18:50:01.742" "isBanned 80.160.77.115 193.31.119.100 doughnew.icu"
2176 "2019-07-22 18:50:12.976" "IDS Delete 5.189.183.138"
3392 "2019-07-22 19:19:50.710" "--- Connect --- 5.189.183.138 25 - Level 2 vmi74527.contabo.host"
3392 "2019-07-22 19:19:50.710" "IDS Add 5.189.183.138"
2176 "2019-07-22 19:21:08.023" "IDS Delete 5.189.183.138"
3392 "2019-07-22 19:31:19.273" "--- Connect --- 192.161.151.8 25 - Clean level outbyoip8.pod13.usw2.zdsys.com"
3392 "2019-07-22 19:31:19.273" "IDS Add 192.161.151.8"
2176 "2019-07-22 19:32:35.976" "IDS Delete 192.161.151.8"
3392 "2019-07-22 19:48:44.570" "--- Connect --- 187.1.36.241 465 - Level 5 187.1.36.241.svt1.com.br"
3392 "2019-07-22 19:48:44.648" "GEOBlock 187.1.36.241 SMTPS"
3392 "2019-07-22 19:48:46.132" "DISCONNECT 187.1.36.241"
3392 "2019-07-22 19:49:54.195" "--- Connect --- 191.53.248.137 465 - Level 5 191-53-248-137.nvs-wr.mastercabo.com.br"
3392 "2019-07-22 19:49:54.273" "GEOBlock 191.53.248.137 SMTPS"
3392 "2019-07-22 19:49:55.757" "DISCONNECT 191.53.248.137"
3392 "2019-07-22 19:57:02.218" "--- Connect --- 198.46.135.194 25 - Level 1 bdservice-alt3.bdeservices.com"
3392 "2019-07-22 19:57:02.218" "IDS Add 198.46.135.194"
2176 "2019-07-22 19:58:08.765" "IDS Delete 198.46.135.194"
2176 "2019-07-22 19:58:08.781" "SPAM/RBL/SURBL 198.46.135.194 RBL - Rejected by Barracuda Reputation Block List - (Score: 5)"
2176 "2019-07-22 19:58:08.781" "SPAM/RBL/SURBL 198.46.135.194 Tagged as Spam by SpamAssassin - (Score: 9)"
2176 "2019-07-22 19:58:08.781" "SPAM/RBL/SURBL 198.46.135.194 URIBL - Rejected by Spamhaus - (Score: 5)"
3392 "2019-07-22 20:01:54.046" "--- Connect --- 85.158.142.1 25 - Clean level mail1.bemta26.messagelabs.com"
3392 "2019-07-22 20:01:54.062" "IDS Add 85.158.142.1"
2176 "2019-07-22 20:03:02.406" "IDS Delete 85.158.142.1"
3392 "2019-07-22 20:11:12.750" "--- Connect --- 193.31.119.102 25 - Level 2 hostmaster.netbudur.com"
3392 "2019-07-22 20:11:12.750" "IDS Add 193.31.119.102"
3640 "2019-07-22 20:11:33.828" "Reject HELO 193.31.119.102 vrimetap.icu"
3640 "2019-07-22 20:11:35.312" "DISCONNECT 193.31.119.102"
3392 "2019-07-22 20:11:35.765" "--- Connect --- 80.160.77.99 25 - Clean level backup-mx1.post.tele.dk"
3392 "2019-07-22 20:11:35.765" "IDS Add 80.160.77.99"
3392 "2019-07-22 20:11:35.859" "WList HELO 80.160.77.99 backup-mx.post.tele.dk"
2176 "2019-07-22 20:11:40.906" "IDS Delete 80.160.77.99"
2176 "2019-07-22 20:11:40.921" "isBanned 80.160.77.99 193.31.119.102 vrimetap.icu"
3392 "2019-07-22 20:18:47.148" "--- Connect --- 200.23.235.111 465 - Level 5"
3392 "2019-07-22 20:18:47.179" "... GEOLookup 200.23.235.111 zz"
3392 "2019-07-22 20:18:47.195" "IDS Add 200.23.235.111"
3392 "2019-07-22 20:18:55.117" "--- Connect --- 189.89.213.203 465 - Level 5 189-089-213-203.static.stratus.com.br"
3392 "2019-07-22 20:18:55.179" "GEOBlock 189.89.213.203 SMTPS"
3392 "2019-07-22 20:18:56.664" "DISCONNECT 189.89.213.203"
3392 "2019-07-22 20:22:43.367" "--- Connect --- 109.245.214.49 25 - Level 5 net49-214-245-109.customer.telenor.rs"
3392 "2019-07-22 20:22:43.382" "IDS Add 109.245.214.49"
3392 "2019-07-22 20:22:43.851" "SnowShoe 109.245.214.49"
3392 "2019-07-22 20:22:45.335" "DISCONNECT 109.245.214.49"
3424 "2019-07-22 20:25:15.835" "--- Connect --- 162.243.146.89 993 - Level 3"
3424 "2019-07-22 20:25:15.851" "GEOBlock 162.243.146.89 IMAPS"
3424 "2019-07-22 20:25:17.320" "DISCONNECT 162.243.146.89"
3392 "2019-07-22 20:26:45.460" "--- Connect --- 103.194.242.254 25 - Level 5"
3392 "2019-07-22 20:26:45.460" "IDS Add 103.194.242.254"
3392 "2019-07-22 20:26:45.507" "SnowShoe 103.194.242.254"
3392 "2019-07-22 20:26:46.992" "DISCONNECT 103.194.242.254"
3392 "2019-07-22 20:31:06.882" "--- Connect --- 177.74.182.192 465 N/A"
3392 "2019-07-22 20:31:06.960" "GEOBlock 177.74.182.192 SMTPS"
3872 "2019-07-22 20:31:08.007" "--- Connect --- 168.228.149.223 465 - Level 5"
3872 "2019-07-22 20:31:08.054" "GEOBlock 168.228.149.223 SMTPS"
3392 "2019-07-22 20:31:09.539" "DISCONNECT 177.74.182.192"
3872 "2019-07-22 20:31:11.023" "DISCONNECT 168.228.149.223"
3392 "2019-07-22 20:54:38.726" "--- Connect --- 78.196.158.50 25 - Level 3 mhu85-1-78-196-158-50.fbx.proxad.net"
3392 "2019-07-22 20:54:38.726" "IDS Add 78.196.158.50"
3392 "2019-07-22 20:54:38.992" "LashBack 78.196.158.50"
3392 "2019-07-22 20:54:40.476" "DISCONNECT 78.196.158.50"
3392 "2019-07-22 20:57:33.023" "--- Connect --- 177.125.163.46 25 - Level 5 46-163-125-177.clickturbo.com.br"
3392 "2019-07-22 20:57:33.023" "IDS Add 177.125.163.46"
3392 "2019-07-22 20:57:33.914" "SnowShoe 177.125.163.46"
3392 "2019-07-22 20:57:35.398" "DISCONNECT 177.125.163.46"
3872 "2019-07-22 21:08:17.085" "--- Connect --- 200.3.31.242 465 - Level 5"
3872 "2019-07-22 21:08:17.148" "GEOBlock 200.3.31.242 SMTPS"
3872 "2019-07-22 21:08:18.632" "DISCONNECT 200.3.31.242"
3392 "2019-07-22 21:16:16.750" "--- Connect --- 201.20.82.102 25 - Level 5 201-20-82-102.mobile.mobtelecom.com.br"
3392 "2019-07-22 21:16:16.765" "IDS Add 201.20.82.102"
3392 "2019-07-22 21:16:16.875" "SnowShoe 201.20.82.102"
3392 "2019-07-22 21:16:18.359" "DISCONNECT 201.20.82.102"
3872 "2019-07-22 21:16:20.265" "--- Connect --- 138.94.193.44 25 - Level 5 customer-138-94-193-44.agtnet.com.br"
3872 "2019-07-22 21:16:20.265" "IDS Add 138.94.193.44"
3872 "2019-07-22 21:16:20.328" "SnowShoe 138.94.193.44"
3872 "2019-07-22 21:16:21.812" "DISCONNECT 138.94.193.44"
3872 "2019-07-22 21:22:31.312" "--- Connect --- 170.246.206.31 465 - Level 5"
3872 "2019-07-22 21:22:31.406" "GEOBlock 170.246.206.31 SMTPS"
3872 "2019-07-22 21:22:32.890" "DISCONNECT 170.246.206.31"
3872 "2019-07-22 21:56:05.609" "--- Connect --- 77.40.92.215 465 - Level 5 215.92.pppoe.mari-el.ru"
3872 "2019-07-22 21:56:05.671" "GEOBlock 77.40.92.215 SMTPS"
3872 "2019-07-22 21:56:07.171" "DISCONNECT 77.40.92.215"
3872 "2019-07-22 22:06:16.218" "--- Connect --- 159.203.176.183 25 - Level 1"
3872 "2019-07-22 22:06:16.234" "IDS Add 159.203.176.183"
2176 "2019-07-22 22:07:22.875" "IDS Delete 159.203.176.183"
2176 "2019-07-22 22:07:22.890" "SPAM/RBL/SURBL 159.203.176.183 RBL - Rejected by Barracuda Reputation Block List - (Score: 5)"
3872 "2019-07-22 22:26:17.226" "--- Connect --- 80.160.77.115 25 - Clean level backup-mx2.post.tele.dk"
3872 "2019-07-22 22:26:17.226" "IDS Add 80.160.77.115"
3872 "2019-07-22 22:26:17.304" "WList HELO 80.160.77.115 backup-mx.post.tele.dk"
2176 "2019-07-22 22:26:26.523" "IDS Delete 80.160.77.115"
2176 "2019-07-22 22:26:26.617" "WList X-From 69.171.232.142 security@mail.instagram.com"
3872 "2019-07-22 22:36:41.687" "--- Connect --- 213.142.157.136 25 - Level 1 vpsnode14.webstudio28.com"
3872 "2019-07-22 22:36:41.687" "IDS Add 213.142.157.136"
2176 "2019-07-22 22:37:47.062" "IDS Delete 213.142.157.136"
2176 "2019-07-22 22:37:47.078" "SPAM/RBL/SURBL 213.142.157.136 RBL - Rejected by Barracuda Reputation Block List - (Score: 5)"
2176 "2019-07-22 22:37:47.078" "SPAM/RBL/SURBL 213.142.157.136 URIBL - Rejected by Spamhaus - (Score: 5)"
2176 "2019-07-22 22:37:47.078" "SPAM/RBL/SURBL 213.142.157.136 RBL - Rejected by Spamhaus - (Score: 5)"
2176 "2019-07-22 22:37:47.078" "SPAM/RBL/SURBL 213.142.157.136 URIBL - Rejected by SURBL - (Score: 5)"
2176 "2019-07-22 22:37:47.078" "SPAM/RBL/SURBL 213.142.157.136 Tagged as Spam by SpamAssassin - (Score: 12)"
3872 "2019-07-22 22:41:48.171" "--- Connect --- 187.109.56.117 465 - Level 5 187-109-56-117.agyonet.com.br"
3872 "2019-07-22 22:41:48.234" "GEOBlock 187.109.56.117 SMTPS"
3872 "2019-07-22 22:41:49.718" "DISCONNECT 187.109.56.117"
3872 "2019-07-22 22:55:12.140" "--- Connect --- 171.234.184.215 25 - Level 5 dynamic-adsl.viettel.vn"
3872 "2019-07-22 22:55:12.140" "IDS Add 171.234.184.215"
3872 "2019-07-22 22:55:12.421" "LashBack 171.234.184.215"
3872 "2019-07-22 22:55:13.906" "DISCONNECT 171.234.184.215"
3872 "2019-07-22 23:01:02.710" "--- Connect --- 191.53.19.238 465 - Level 5 191-53-19-238.vga-wr.mastercabo.com.br"
3872 "2019-07-22 23:01:02.789" "GEOBlock 191.53.19.238 SMTPS"
3872 "2019-07-22 23:01:04.273" "DISCONNECT 191.53.19.238"
3872 "2019-07-22 23:11:20.382" "--- Connect --- 131.221.48.86 25 - Level 5"
3872 "2019-07-22 23:11:20.382" "IDS Add 131.221.48.86"
3872 "2019-07-22 23:11:20.804" "LashBack 131.221.48.86"
3872 "2019-07-22 23:11:22.289" "DISCONNECT 131.221.48.86"
3872 "2019-07-22 23:14:31.632" "--- Connect --- 191.53.193.137 465 - Level 5 191-53-193-137.dvl-wr.mastercabo.com.br"
3872 "2019-07-22 23:14:31.695" "GEOBlock 191.53.193.137 SMTPS"
3872 "2019-07-22 23:14:33.179" "DISCONNECT 191.53.193.137"
3872 "2019-07-22 23:20:21.734" "--- Connect --- 180.240.201.1 25 - Level 5 core-idc.telin.co.id"
3872 "2019-07-22 23:20:21.734" "IDS Add 180.240.201.1"
3872 "2019-07-22 23:20:21.812" "SnowShoe 180.240.201.1"
3872 "2019-07-22 23:20:23.296" "DISCONNECT 180.240.201.1"
3392 "2019-07-22 23:20:26.484" "--- Connect --- 103.106.32.226 25 - Level 5"
3392 "2019-07-22 23:20:26.500" "IDS Add 103.106.32.226"
3392 "2019-07-22 23:20:26.578" "SnowShoe 103.106.32.226"
3392 "2019-07-22 23:20:28.062" "DISCONNECT 103.106.32.226"
3392 "2019-07-22 23:33:16.187" "--- Connect --- 193.31.119.105 25 - Level 2 hostmaster.netbudur.com"
3392 "2019-07-22 23:33:16.187" "IDS Add 193.31.119.105"
3392 "2019-07-22 23:33:16.343" "SnowShoe 193.31.119.105"
3392 "2019-07-22 23:33:17.828" "DISCONNECT 193.31.119.105"
3392 "2019-07-22 23:42:03.851" "--- Connect --- 213.142.157.138 25 - Level 1 vpsnode14.webstudio28.com"
3392 "2019-07-22 23:42:03.867" "IDS Add 213.142.157.138"
2176 "2019-07-22 23:43:18.414" "IDS Delete 213.142.157.138"
2176 "2019-07-22 23:43:18.429" "SPAM/RBL/SURBL 213.142.157.138 RBL - Rejected by Barracuda Reputation Block List - (Score: 5)"
2176 "2019-07-22 23:43:18.429" "SPAM/RBL/SURBL 213.142.157.138 URIBL - Rejected by SURBL - (Score: 5)"
2176 "2019-07-22 23:43:18.429" "SPAM/RBL/SURBL 213.142.157.138 Tagged as Spam by SpamAssassin - (Score: 9)"
3872 "2019-07-22 23:58:02.859" "--- Connect --- 131.100.76.72 465 - Level 5 72-76-100-131.internetcentral.com.br"
3872 "2019-07-22 23:58:03.015" "GEOBlock 131.100.76.72 SMTPS"
3872 "2019-07-22 23:58:04.507" "DISCONNECT 131.100.76.72"
2844 "2019-07-23 00:10:11.796" "--- Connect --- 200.33.90.169 465 - Level 5"
2844 "2019-07-23 00:10:11.874" "GEOBlock 200.33.90.169 SMTPS"
2844 "2019-07-23 00:10:13.421" "DISCONNECT 200.33.90.169"
2844 "2019-07-23 00:20:57.057" "--- Connect --- 168.228.151.76 465 - Level 5"
2844 "2019-07-23 00:20:57.197" "GEOBlock 168.228.151.76 SMTPS"
2844 "2019-07-23 00:20:58.682" "DISCONNECT 168.228.151.76"
3084 "2019-07-23 00:41:30.001" "--- Connect --- 213.142.157.142 25 - Level 1 vpsnode14.webstudio28.com"
3084 "2019-07-23 00:41:30.001" "IDS Add 213.142.157.142"
3208 "2019-07-23 00:42:42.111" "IDS Delete 213.142.157.142"
3208 "2019-07-23 00:42:42.126" "SPAM/RBL/SURBL 213.142.157.142 RBL - Rejected by Barracuda Reputation Block List - (Score: 5)"
3208 "2019-07-23 00:42:42.126" "SPAM/RBL/SURBL 213.142.157.142 URIBL - Rejected by SURBL - (Score: 5)"
3208 "2019-07-23 00:42:42.126" "SPAM/RBL/SURBL 213.142.157.142 Tagged as Spam by SpamAssassin - (Score: 8)"
3084 "2019-07-23 00:43:15.111" "--- Connect --- 37.49.230.178 25 - Level 5"
3084 "2019-07-23 00:43:15.111" "IDS Add 37.49.230.178"
3084 "2019-07-23 00:51:47.388" "--- Connect --- 185.177.8.3 25 - Level 5 host-185-177-8-3.netiq.sk"
3084 "2019-07-23 00:51:47.388" "IDS Add 185.177.8.3"
3084 "2019-07-23 00:51:47.451" "SnowShoe 185.177.8.3"
2420 "2019-07-23 00:51:48.467" "--- Connect --- 95.169.213.76 25 - Level 5"
2420 "2019-07-23 00:51:48.467" "IDS Add 95.169.213.76"
2420 "2019-07-23 00:51:48.530" "SnowShoe 95.169.213.76"
3084 "2019-07-23 00:51:50.013" "DISCONNECT 185.177.8.3"
2420 "2019-07-23 00:51:51.499" "DISCONNECT 95.169.213.76"
2420 "2019-07-23 00:53:15.842" "--- Connect --- 193.31.119.107 25 - Level 2 hostmaster.netbudur.com"
2420 "2019-07-23 00:53:15.842" "IDS Add 193.31.119.107"
2420 "2019-07-23 00:53:36.810" "Reject HELO 193.31.119.107 fortunereptile.icu"
2420 "2019-07-23 00:53:38.294" "DISCONNECT 193.31.119.107"
2420 "2019-07-23 00:53:40.387" "--- Connect --- 80.160.77.99 25 - Clean level backup-mx1.post.tele.dk"
2420 "2019-07-23 00:53:40.387" "IDS Add 80.160.77.99"
2420 "2019-07-23 00:53:40.467" "WList HELO 80.160.77.99 backup-mx.post.tele.dk"
3208 "2019-07-23 00:53:46.060" "IDS Delete 80.160.77.99"
3208 "2019-07-23 00:53:46.092" "isBanned 80.160.77.99 193.31.119.107 fortunereptile.icu"
2420 "2019-07-23 00:56:42.872" "--- Connect --- 1.69.2.22 25 - Level 5"
2420 "2019-07-23 00:56:42.872" "IDS Add 1.69.2.22"
2420 "2019-07-23 00:56:42.903" "SnowShoe 1.69.2.22"
2420 "2019-07-23 00:56:44.386" "DISCONNECT 1.69.2.22"
2420 "2019-07-23 01:13:39.255" "--- Connect --- 37.49.230.178 25 - Level 5"
2420 "2019-07-23 01:13:39.270" "IDS Add 37.49.230.178"
2844 "2019-07-23 01:41:00.761" "--- Connect --- 191.53.194.167 465 - Level 5 191-53-194-167.dvl-wr.mastercabo.com.br"
2844 "2019-07-23 01:41:00.854" "GEOBlock 191.53.194.167 SMTPS"
2844 "2019-07-23 01:41:02.338" "DISCONNECT 191.53.194.167"
2420 "2019-07-23 01:43:19.557" "--- Connect --- 37.49.230.178 25 - Level 5"
2420 "2019-07-23 01:43:19.571" "IDS Add 37.49.230.178"
4000 "2019-07-23 01:44:00.321" "IDS BAN 37.49.230.178"
2420 "2019-07-23 01:47:14.086" "--- Connect --- 185.82.65.153 25 - Level 5"
2420 "2019-07-23 01:47:14.102" "IDS Add 185.82.65.153"
2420 "2019-07-23 01:47:14.148" "SnowShoe 185.82.65.153"
2420 "2019-07-23 01:47:15.632" "DISCONNECT 185.82.65.153"
2420 "2019-07-23 01:59:18.769" "--- Connect --- 85.93.252.55 25 - Level 5 252-55.neasonline.no"
2420 "2019-07-23 01:59:18.769" "IDS Add 85.93.252.55"
2420 "2019-07-23 01:59:18.878" "SnowShoe 85.93.252.55"
2420 "2019-07-23 01:59:20.362" "DISCONNECT 85.93.252.55"
3076 "2019-07-23 01:59:22.098" "--- Connect --- 177.124.102.135 25 - Level 5 177-124-102-135.provedordigitalnet.net.br"
3076 "2019-07-23 01:59:22.098" "IDS Add 177.124.102.135"
3076 "2019-07-23 01:59:22.190" "SnowShoe 177.124.102.135"
3076 "2019-07-23 01:59:23.675" "DISCONNECT 177.124.102.135"
2844 "2019-07-23 02:02:50.923" "--- Connect --- 143.208.248.74 465 - Level 5 74.248.208.143.radiustelecomunicacoes.com.br"
2844 "2019-07-23 02:02:51.034" "GEOBlock 143.208.248.74 SMTPS"
2844 "2019-07-23 02:02:52.518" "DISCONNECT 143.208.248.74"
3076 "2019-07-23 02:06:52.142" "--- Connect --- 103.194.89.214 25 - Level 5"
3076 "2019-07-23 02:06:52.157" "IDS Add 103.194.89.214"
3076 "2019-07-23 02:06:52.204" "SnowShoe 103.194.89.214"
3076 "2019-07-23 02:06:53.687" "DISCONNECT 103.194.89.214"
3076 "2019-07-23 02:07:14.062" "--- Connect --- 119.76.190.126 25 - Level 5 ppp-119-76-190-126.revip17.asianet.co.th"
3076 "2019-07-23 02:07:14.062" "IDS Add 119.76.190.126"
3076 "2019-07-23 02:07:14.157" "SnowShoe 119.76.190.126"
3076 "2019-07-23 02:07:15.641" "DISCONNECT 119.76.190.126"
3720 "2019-07-23 02:07:16.657" "--- Connect --- 139.255.113.243 25 - Level 5 ln-static-139-255-113-243.link.net.id"
3720 "2019-07-23 02:07:16.672" "IDS Add 139.255.113.243"
3720 "2019-07-23 02:07:16.734" "SnowShoe 139.255.113.243"
3720 "2019-07-23 02:07:18.220" "DISCONNECT 139.255.113.243"
3720 "2019-07-23 02:08:11.234" "--- Connect --- 193.31.119.108 25 - Level 2 hostmaster.netbudur.com"
3720 "2019-07-23 02:08:11.234" "IDS Add 193.31.119.108"
2844 "2019-07-23 02:08:32.157" "Reject HELO 193.31.119.108 depositunaware.icu"
2844 "2019-07-23 02:08:33.641" "DISCONNECT 193.31.119.108"
3720 "2019-07-23 02:08:36.907" "--- Connect --- 80.160.77.99 25 - Clean level backup-mx1.post.tele.dk"
3720 "2019-07-23 02:08:36.921" "IDS Add 80.160.77.99"
3720 "2019-07-23 02:08:37.000" "WList HELO 80.160.77.99 backup-mx.post.tele.dk"
3208 "2019-07-23 02:08:41.655" "IDS Delete 80.160.77.99"
3208 "2019-07-23 02:08:41.687" "isBanned 80.160.77.99 193.31.119.108 depositunaware.icu"
3720 "2019-07-23 02:14:18.341" "--- Connect --- 177.73.107.174 25 - Level 5"
3720 "2019-07-23 02:14:18.356" "IDS Add 177.73.107.174"
3720 "2019-07-23 02:14:18.419" "SnowShoe 177.73.107.174"
3720 "2019-07-23 02:14:19.903" "DISCONNECT 177.73.107.174"
3720 "2019-07-23 02:33:32.302" "--- Connect --- 91.112.99.78 25 - Level 5"
3720 "2019-07-23 02:33:32.302" "IDS Add 91.112.99.78"
3720 "2019-07-23 02:33:32.380" "SnowShoe 91.112.99.78"
3720 "2019-07-23 02:33:33.866" "DISCONNECT 91.112.99.78"
2844 "2019-07-23 02:41:24.471" "--- Connect --- 191.53.250.150 465 - Level 5 191-53-250-150.nvs-wr.mastercabo.com.br"
2844 "2019-07-23 02:41:24.549" "GEOBlock 191.53.250.150 SMTPS"
2844 "2019-07-23 02:41:26.035" "DISCONNECT 191.53.250.150"
3720 "2019-07-23 02:55:18.576" "--- Connect --- 193.31.119.130 25 - Level 2 hostmaster.netbudur.com"
3720 "2019-07-23 02:55:18.576" "IDS Add 193.31.119.130"
3720 "2019-07-23 02:55:39.779" "Reject HELO 193.31.119.130 delivervoucher.icu"
3720 "2019-07-23 02:55:41.248" "DISCONNECT 193.31.119.130"
3720 "2019-07-23 02:55:45.466" "--- Connect --- 80.160.77.115 25 - Clean level backup-mx2.post.tele.dk"
3720 "2019-07-23 02:55:45.482" "IDS Add 80.160.77.115"
3720 "2019-07-23 02:55:45.512" "WList HELO 80.160.77.115 backup-mx.post.tele.dk"
3208 "2019-07-23 02:55:48.951" "IDS Delete 80.160.77.115"
3208 "2019-07-23 02:55:48.966" "isBanned 80.160.77.115 193.31.119.130 delivervoucher.icu"
2844 "2019-07-23 03:12:58.038" "--- Connect --- 191.53.239.186 465 - Level 5 191-53-239-186.ptu-wr.mastercabo.com.br"
2844 "2019-07-23 03:12:58.116" "GEOBlock 191.53.239.186 SMTPS"
2844 "2019-07-23 03:12:59.600" "DISCONNECT 191.53.239.186"
3720 "2019-07-23 03:28:25.422" "--- Connect --- 106.75.106.221 25 - Level 5"
3720 "2019-07-23 03:28:25.422" "IDS Add 106.75.106.221"
2844 "2019-07-23 03:28:32.890" "--- Connect --- 106.75.106.221 25 - Level 5"
2844 "2019-07-23 03:28:32.890" "IDS Add 106.75.106.221"
3084 "2019-07-23 03:28:38.672" "--- Connect --- 106.75.106.221 25 - Level 5"
3084 "2019-07-23 03:28:38.672" "IDS Add 106.75.106.221"
3076 "2019-07-23 03:28:46.657" "--- Connect --- 106.75.106.221 25 - Level 5"
3076 "2019-07-23 03:28:46.657" "IDS Add 106.75.106.221"
2420 "2019-07-23 03:28:54.422" "--- Connect --- 106.75.106.221 25 - Level 5"
2420 "2019-07-23 03:28:54.438" "IDS Add 106.75.106.221"
3716 "2019-07-23 03:29:00.360" "IDS BAN 106.75.106.221"
2844 "2019-07-23 03:44:59.353" "--- Connect --- 177.129.206.114 465 - Level 5"
2844 "2019-07-23 03:44:59.448" "GEOBlock 177.129.206.114 SMTPS"
2844 "2019-07-23 03:45:00.931" "DISCONNECT 177.129.206.114"
2420 "2019-07-23 03:58:18.646" "--- Connect --- 193.31.119.131 25 - Level 2 hostmaster.netbudur.com"
2420 "2019-07-23 03:58:18.646" "IDS Add 193.31.119.131"
2420 "2019-07-23 03:58:39.676" "Reject HELO 193.31.119.131 quarterwarrant.icu"
2420 "2019-07-23 03:58:41.161" "DISCONNECT 193.31.119.131"
2420 "2019-07-23 03:58:41.411" "--- Connect --- 80.160.77.115 25 - Clean level backup-mx2.post.tele.dk"
2420 "2019-07-23 03:58:41.426" "IDS Add 80.160.77.115"
2420 "2019-07-23 03:58:41.458" "WList HELO 80.160.77.115 backup-mx.post.tele.dk"
3208 "2019-07-23 03:58:44.411" "IDS Delete 80.160.77.115"
3208 "2019-07-23 03:58:44.458" "isBanned 80.160.77.115 193.31.119.131 quarterwarrant.icu"
2844 "2019-07-23 04:04:04.815" "--- Connect --- 177.38.4.103 465 - Level 5 177-038-004-103.pontocomnet.com.br"
2844 "2019-07-23 04:04:04.892" "GEOBlock 177.38.4.103 SMTPS"
2844 "2019-07-23 04:04:06.377" "DISCONNECT 177.38.4.103"
2420 "2019-07-23 04:12:58.342" "--- Connect --- 181.64.238.189 25 - Level 5"
2420 "2019-07-23 04:12:58.359" "IDS Add 181.64.238.189"
2420 "2019-07-23 04:12:58.703" "LashBack 181.64.238.189"
2420 "2019-07-23 04:13:00.203" "DISCONNECT 181.64.238.189"
2420 "2019-07-23 04:29:23.243" "--- Connect --- 192.254.121.91 25 - Clean level o10.email.yotpo.com"
2420 "2019-07-23 04:29:23.258" "IDS Add 192.254.121.91"
3208 "2019-07-23 04:30:28.710" "IDS Delete 192.254.121.91"
2844 "2019-07-23 04:32:35.725" "--- Connect --- 191.53.220.165 465 - Level 5 191-53-220-165.dvl-wr.mastercabo.com.br"
2844 "2019-07-23 04:32:35.867" "GEOBlock 191.53.220.165 SMTPS"
2844 "2019-07-23 04:32:37.350" "DISCONNECT 191.53.220.165"
2844 "2019-07-23 04:53:36.109" "--- Connect --- 177.44.183.184 465 - Level 5 177-44-183-184.provedorarenanet.com.br"
2844 "2019-07-23 04:53:36.187" "GEOBlock 177.44.183.184 SMTPS"
2844 "2019-07-23 04:53:37.671" "DISCONNECT 177.44.183.184"
2844 "2019-07-23 04:55:28.873" "--- Connect --- 107.170.203.106 465 - Level 3 zg-0301f-26.stretchoid.com"
2844 "2019-07-23 04:55:28.951" "GEOBlock 107.170.203.106 SMTPS"
2844 "2019-07-23 04:55:30.435" "DISCONNECT 107.170.203.106"
2420 "2019-07-23 04:58:06.529" "--- Connect --- 123.20.213.94 25 - Level 5"
2420 "2019-07-23 04:58:06.529" "IDS Add 123.20.213.94"
2420 "2019-07-23 04:58:06.794" "LashBack 123.20.213.94"
2420 "2019-07-23 04:58:08.263" "DISCONNECT 123.20.213.94"
2420 "2019-07-23 05:28:06.939" "--- Connect --- 45.80.131.6 25 - Level 4 bear0.allfunbear.com"
2420 "2019-07-23 05:28:06.939" "IDS Add 45.80.131.6"
2420 "2019-07-23 05:29:02.205" "--- Connect --- 171.60.144.21 25 - Level 5 abts-mp-dynamic-x-21.144.60.171.airtelbroadband.in"
2420 "2019-07-23 05:29:02.205" "IDS Add 171.60.144.21"
3208 "2019-07-23 05:29:27.033" "IDS Delete 45.80.131.6"
3208 "2019-07-23 05:29:27.048" "SPAM/RBL/SURBL 45.80.131.6 Tagged as Spam by SpamAssassin - (Score: 8)"
3208 "2019-07-23 05:30:07.470" "IDS Delete 171.60.144.21"
3208 "2019-07-23 05:30:07.484" "Extortion 171.60.144.21 abts-mp-dynamic-x-21.144.60.171.airtelbroadband.in"
3208 "2019-07-23 05:30:07.484" "SPAM/RBL/SURBL 171.60.144.21 RBL - Rejected by Spamhaus - (Score: 5)"
3208 "2019-07-23 05:30:07.484" "SPAM/RBL/SURBL 171.60.144.21 RBL - Rejected by Barracuda Reputation Block List - (Score: 5)"
3208 "2019-07-23 05:30:07.484" "SPAM/RBL/SURBL 171.60.144.21 Tagged as Spam by SpamAssassin - (Score: 24)"
2420 "2019-07-23 05:32:43.531" "--- Connect --- 87.120.179.74 25 - Level 5"
2420 "2019-07-23 05:32:43.531" "IDS Add 87.120.179.74"
2420 "2019-07-23 05:32:43.593" "SnowShoe 87.120.179.74"
2420 "2019-07-23 05:32:45.093" "DISCONNECT 87.120.179.74"
2844 "2019-07-23 05:38:57.841" "--- Connect --- 198.108.66.32 465 - Level 4 worker-02.sfj.corp.censys.io"
2844 "2019-07-23 05:38:57.904" "GEOBlock 198.108.66.32 SMTPS"
2844 "2019-07-23 05:38:59.388" "DISCONNECT 198.108.66.32"
2420 "2019-07-23 05:48:07.181" "--- Connect --- 45.80.131.7 25 - Level 5 agon0.arcagon.com"
2420 "2019-07-23 05:48:07.181" "IDS Add 45.80.131.7"
3208 "2019-07-23 05:49:13.337" "IDS Delete 45.80.131.7"
3208 "2019-07-23 05:49:13.369" "SPAM/RBL/SURBL 45.80.131.7 Tagged as Spam by SpamAssassin - (Score: 8)"
2420 "2019-07-23 05:58:49.505" "--- Connect --- 122.47.180.89 25 - Level 5"
2420 "2019-07-23 05:58:49.505" "IDS Add 122.47.180.89"
2420 "2019-07-23 05:58:49.599" "SnowShoe 122.47.180.89"
2420 "2019-07-23 05:58:51.083" "DISCONNECT 122.47.180.89"
2420 "2019-07-23 05:59:21.380" "--- Connect --- 122.47.180.89 25 - Level 5"
2420 "2019-07-23 05:59:21.380" "IDS Add 122.47.180.89"
2420 "2019-07-23 05:59:21.380" "SnowShoe 122.47.180.89"
2420 "2019-07-23 05:59:22.865" "DISCONNECT 122.47.180.89"
2844 "2019-07-23 06:08:56.814" "--- Connect --- 191.53.249.213 465 - Level 5 191-53-249-213.nvs-wr.mastercabo.com.br"
2844 "2019-07-23 06:08:56.892" "GEOBlock 191.53.249.213 SMTPS"
2844 "2019-07-23 06:08:58.376" "DISCONNECT 191.53.249.213"
2844 "2019-07-23 06:09:11.189" "--- Connect --- 170.239.42.196 465 - Level 5 170-239-42-196.teleflex.net.br"
2844 "2019-07-23 06:09:11.251" "GEOBlock 170.239.42.196 SMTPS"
2844 "2019-07-23 06:09:12.736" "DISCONNECT 170.239.42.196"
2420 "2019-07-23 06:19:13.279" "--- Connect --- 89.104.206.40 25 - Clean level smtp-out12.electric.net"
2420 "2019-07-23 06:19:13.294" "IDS Add 89.104.206.40"
3208 "2019-07-23 06:20:18.435" "IDS Delete 89.104.206.40"
2420 "2019-07-23 06:26:37.339" "--- Connect --- 45.65.124.44 25 N/A d2.digiyear.com"
2420 "2019-07-23 06:26:37.353" "IDS Add 45.65.124.44"
3208 "2019-07-23 06:27:41.650" "IDS Delete 45.65.124.44"
3208 "2019-07-23 06:27:41.666" "SPAM/RBL/SURBL 45.65.124.44 Tagged as Spam by SpamAssassin - (Score: 3)"
2420 "2019-07-23 06:30:57.556" "--- Connect --- 185.215.49.5 25 - Clean level susanhopman.com"
2420 "2019-07-23 06:30:57.570" "IDS Add 185.215.49.5"
3208 "2019-07-23 06:32:02.898" "IDS Delete 185.215.49.5"
3208 "2019-07-23 06:32:02.929" "SPAM/RBL/SURBL 185.215.49.5 RBL - Rejected by Spamhaus - (Score: 5)"
3208 "2019-07-23 06:32:02.929" "SPAM/RBL/SURBL 185.215.49.5 Tagged as Spam by SpamAssassin - (Score: 8)"
2844 "2019-07-23 06:37:13.162" "--- Connect --- 187.85.214.31 465 - Level 5"
2844 "2019-07-23 06:37:13.224" "GEOBlock 187.85.214.31 SMTPS"
2844 "2019-07-23 06:37:14.710" "DISCONNECT 187.85.214.31"
2420 "2019-07-23 06:44:32.535" "--- Connect --- 169.255.9.18 25 - Level 5"
2420 "2019-07-23 06:44:32.535" "IDS Add 169.255.9.18"
2420 "2019-07-23 06:44:32.613" "SnowShoe 169.255.9.18"
2420 "2019-07-23 06:44:34.097" "DISCONNECT 169.255.9.18"
2420 "2019-07-23 06:44:42.082" "--- Connect --- 210.245.51.2 25 - Level 5 210-245-51-office-net-static-ip.fpt.vn"
2420 "2019-07-23 06:44:42.082" "IDS Add 210.245.51.2"
2420 "2019-07-23 06:44:42.144" "SnowShoe 210.245.51.2"
2420 "2019-07-23 06:44:43.628" "DISCONNECT 210.245.51.2"
2420 "2019-07-23 06:48:09.845" "--- Connect --- 193.31.119.133 25 - Level 2 hostmaster.netbudur.com"
2420 "2019-07-23 06:48:09.845" "IDS Add 193.31.119.133"
2420 "2019-07-23 06:48:33.673" "Reject HELO 193.31.119.133 storageindulge.icu"
2420 "2019-07-23 06:48:35.142" "DISCONNECT 193.31.119.133"
2420 "2019-07-23 06:50:06.501" "--- Connect --- 52.88.240.252 25 - Level 3 mta1a1.kayak-m.sparkpostelite.com"
2420 "2019-07-23 06:50:06.501" "IDS Add 52.88.240.252"
3208 "2019-07-23 06:51:13.611" "IDS Delete 52.88.240.252"
2844 "2019-07-23 06:56:46.326" "--- Connect --- 168.228.151.106 465 - Level 5"
2844 "2019-07-23 06:56:46.390" "GEOBlock 168.228.151.106 SMTPS"
2844 "2019-07-23 06:56:47.873" "DISCONNECT 168.228.151.106"
2420 "2019-07-23 06:58:47.013" "--- Connect --- 80.160.77.99 25 - Clean level backup-mx1.post.tele.dk"
2420 "2019-07-23 06:58:47.013" "IDS Add 80.160.77.99"
2420 "2019-07-23 06:58:47.060" "WList HELO 80.160.77.99 backup-mx.post.tele.dk"
3208 "2019-07-23 06:58:49.466" "IDS Delete 80.160.77.99"
3208 "2019-07-23 06:58:49.513" "isBanned 80.160.77.99 193.31.119.133 storageindulge.icu"
2420 "2019-07-23 07:07:41.417" "--- Connect --- 77.37.130.53 25 - Level 5 broadband-77-37-130-53.ip.moscow.rt.ru"
2420 "2019-07-23 07:07:41.417" "IDS Add 77.37.130.53"
2420 "2019-07-23 07:07:41.478" "SnowShoe 77.37.130.53"
2420 "2019-07-23 07:07:42.964" "DISCONNECT 77.37.130.53"
2844 "2019-07-23 07:07:44.322" "--- Connect --- 188.168.96.34 25 - Level 5 tmh-service.kz.ttknn.net"
2844 "2019-07-23 07:07:44.339" "IDS Add 188.168.96.34"
2844 "2019-07-23 07:07:44.400" "SnowShoe 188.168.96.34"
2844 "2019-07-23 07:07:45.884" "DISCONNECT 188.168.96.34"
2844 "2019-07-23 07:12:28.398" "--- Connect --- 45.11.192.21 25 - Level 3 haveyoursayafrica.com"
2844 "2019-07-23 07:12:28.398" "IDS Add 45.11.192.21"
2844 "2019-07-23 07:13:05.929" "--- Connect --- 67.205.151.71 25 - Level 1"
2844 "2019-07-23 07:13:05.945" "IDS Add 67.205.151.71"
3208 "2019-07-23 07:13:49.945" "IDS Delete 45.11.192.21"
3208 "2019-07-23 07:13:49.960" "SPAM/RBL/SURBL 45.11.192.21 Tagged as Spam by SpamAssassin - (Score: 3)"
3208 "2019-07-23 07:13:49.960" "SPAM/RBL/SURBL 45.11.192.21 RBL - Rejected by Barracuda Reputation Block List - (Score: 5)"
3208 "2019-07-23 07:14:13.585" "IDS Delete 67.205.151.71"
3208 "2019-07-23 07:14:13.601" "SPAM/RBL/SURBL 67.205.151.71 Tagged as Spam by SpamAssassin - (Score: 5)"
3208 "2019-07-23 07:14:13.601" "SPAM/RBL/SURBL 67.205.151.71 RBL - Rejected by Barracuda Reputation Block List - (Score: 5)"
2844 "2019-07-23 07:15:18.257" "--- Connect --- 37.49.227.11 25 - Level 5"
2844 "2019-07-23 07:15:18.257" "IDS Add 37.49.227.11"
2844 "2019-07-23 07:21:17.974" "--- Connect --- 52.11.191.219 25 - Level 3 1.mail2.vente-exclusive.com"
2844 "2019-07-23 07:21:17.974" "IDS Add 52.11.191.219"
3208 "2019-07-23 07:22:24.488" "IDS Delete 52.11.191.219"
2844 "2019-07-23 07:25:31.457" "--- Connect --- 37.49.227.11 25 - Level 5"
2844 "2019-07-23 07:25:31.457" "IDS Add 37.49.227.11"
3084 "2019-07-23 07:26:13.222" "BAD HELO 37.49.227.11 87.51.72.165"
3084 "2019-07-23 07:26:14.691" "DISCONNECT 37.49.227.11"
2844 "2019-07-23 07:30:52.455" "--- Connect --- 167.250.217.222 465 - Level 5 167-250-217-222.teleflex.net.br"
2844 "2019-07-23 07:30:52.517" "GEOBlock 167.250.217.222 SMTPS"
2844 "2019-07-23 07:30:54.001" "DISCONNECT 167.250.217.222"
2844 "2019-07-23 07:38:29.888" "--- Connect --- 106.105.218.106 25 - Level 5 106.105.218.106.adsl.dynamic.seed.net.tw"
2844 "2019-07-23 07:38:29.888" "IDS Add 106.105.218.106"
2844 "2019-07-23 07:38:30.044" "SnowShoe 106.105.218.106"
2844 "2019-07-23 07:38:31.529" "DISCONNECT 106.105.218.106"
2844 "2019-07-23 07:41:24.060" "--- Connect --- 159.253.178.99 25 - Clean level cluster1073.monopost.com"
2844 "2019-07-23 07:41:24.076" "IDS Add 159.253.178.99"
3208 "2019-07-23 07:42:30.091" "IDS Delete 159.253.178.99"
2844 "2019-07-23 07:42:37.402" "--- Connect --- 187.109.58.233 465 - Level 5 187-109-58-233.agyonet.com.br"
2844 "2019-07-23 07:42:37.466" "GEOBlock 187.109.58.233 SMTPS"
2844 "2019-07-23 07:42:38.949" "DISCONNECT 187.109.58.233"
2844 "2019-07-23 08:16:22.734" "--- Connect --- 45.80.131.45 25 - Level 5 street0.arclightfourthstreet.com"
2844 "2019-07-23 08:16:22.734" "IDS Add 45.80.131.45"
3208 "2019-07-23 08:17:29.421" "IDS Delete 45.80.131.45"
3208 "2019-07-23 08:17:29.437" "SPAM/RBL/SURBL 45.80.131.45 URIBL - Rejected by Spamhaus - (Score: 5)"
3208 "2019-07-23 08:17:29.437" "SPAM/RBL/SURBL 45.80.131.45 Tagged as Spam by SpamAssassin - (Score: 12)"
2844 "2019-07-23 08:51:54.220" "--- Connect --- 168.228.149.7 465 - Level 5"
2844 "2019-07-23 08:51:54.283" "GEOBlock 168.228.149.7 SMTPS"
2844 "2019-07-23 08:51:55.767" "DISCONNECT 168.228.149.7"
2844 "2019-07-23 08:52:45.345" "--- Connect --- 195.158.23.227 25 - Level 5"
2844 "2019-07-23 08:52:45.361" "IDS Add 195.158.23.227"
2844 "2019-07-23 08:52:45.486" "SnowShoe 195.158.23.227"
2844 "2019-07-23 08:52:46.970" "DISCONNECT 195.158.23.227"
2844 "2019-07-23 08:58:06.984" "--- Connect --- 91.227.208.160 25 - Level 3 rs-160.mta.anpdm.com"
2844 "2019-07-23 08:58:06.984" "IDS Add 91.227.208.160"
3208 "2019-07-23 08:59:13.498" "IDS Delete 91.227.208.160"
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
That is an excellent way to avoid services like ZeroBounce to sneak into your server. I have a similar algorithm on my spam traps. Too many connections counts as a catch.SorenR wrote: ↑2019-07-23 14:27"IDS BAN" means to many connects and no actual mail received (IDS Add with no immediate following IDS Delete). Limit is 3 connects in 180 minutes and no mail = BAN. Handler is run every 1 minute so sometimes additional concurrent connects are registered before the BAN is in place.
Re: New DNSBL designed for hMailServer
If I wanted to use this on hmailserver, where do I enter this code?EduardoFoltran wrote: ↑2019-07-19 19:09I believe is better to be safe than sorry. The vast majority of emails on my spam trap with ransomware, phishing and scams come from home computers infected with all sorts of malware. Here in Brazil most IPS block port 25 on domestic connections for that same reason. If you are trying to run a legitimate SMTP server from your home, at least get an IPS that provides you with a proper PTR or get a business connection, otherwise there is no way to differentiate you from a malware.
For those who wish to try SpamDonkey on hMailServer, this is the antispam configuration I am using. I also lowered the SpamAssassin spam threshold to 3.
Code: Select all
----------------------------------------------------------------------------------------------- ANTISPAM GENERAL SPAM TESTS Score SPAMASSASSIN Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: True Add X-HmailServer-Spam: True Check HELO host: True - 2 Hostname: 127.0.0.1 Add X-HmailServer-Reason: True Check MX records: True - 2 Port: 783 Add X-HmailServer-Subject: False Verify DKIM: True - 2 Use SA score: True Spam delete threshold: 15 Maximum message size: 1024 DNSBL ENTRIES: dnsbl.spamdonkey.com Score: 1 Result: 127.0.0.1 dnsbl.spamdonkey.com Score: 2 Result: 127.0.0.2 dnsbl.spamdonkey.com Score: 5 Result: 127.0.0.3 dnsbl.spamdonkey.com Score: 10 Result: 127.0.0.4 dnsbl.spamdonkey.com Score: 15 Result: 127.0.0.5 SURBL ENTRIES: multi.surbl.org Score: 6 GREYLISTING: Greylisting: True Defer mins: 5 Days Unused: 1 Days Used: 36 Bypass SPF: True Bypass A/MX: Falso Greylist WHITELIST ENTRIES: No entries
Re: New DNSBL designed for hMailServer
if you want to run spamassasin you will have to set it up separately .. just clicking the box in hmailserver interface does not install it
___________________________________________________________end of the line
Re: New DNSBL designed for hMailServer
Thank you. Was trying to add it in the dnsbl and not sure how to enter the 127.0.0.1 to 127.0.0.5. If I add 127.0.0.1-5 will that block all of them? I don't think I would want that.
Axe
Axe
Re: New DNSBL designed for hMailServer
every dnsbl ( dns blacklist ) have their own settings
for spamdonkey they are at this time:
126.0.0.0 - Whitelist level - The IP belongs to a serious and recognized email service which provides person to person communication and does not allow mass mailing through its servers.
127.0.0.0 - Clean level - It means either there is no data about it or it belongs to someone who does not send mass mailing.
127.0.0.1 - Level 1 - There was some report of unsolicited mail coming from this IP, but it should be safe to deliver its messages. The IP does not have a spotless reputation. However, there is not enough evidence to classify it as a spammer
127.0.0.2 - Level 2 - The IP belongs to a service which sends legitimate mass emails and takes care about spammers operating on their servers. Their clients are asked to use their own lists of emails and the service does care about how those addresses have been obtained. Some unsolicited mail may come from this source, but not as a rule and its messages cannot be classified as spam by this criterion alone. Social media email falls under this classification too.
127.0.0.3 - Level 3 - The IP belongs to an email marketing service that sends both solicited and unsolicited advertisement. It is a threshold for spam. You must decide what to do with this level, but we recommend sending it to the spam folder
127.0.0.4 - Level 4 - The IP belongs to a mass email service that sends mostly unsolicited advertisement. Messages coming from it should go to spam folder.
127.0.0.5 - Level 5 - This is not a legitimate service and anything coming from this IP should be discarded without concern.
i use:
zen.spamhaus.org 127.0.0.2-11 score:5
bl.spamcop.net 127.0.0.2 score:5
b.barracudacentral.org 127.0.0.* score: 4
recent.spam.dnsbl.sorbs.net 127.0.0.* score 3
psbl.surriel.com 127.0.0.* score 3
virbl.dnsbl.bit.nl 127.0.0.* score 2
cbl.abuseat.org 127.0.0.2 score 4
ix.dnsbl.manitu.net 127.0.0.* score 4
sbl.spamhaus.org 127.0.0.3 score 10
dnsbl-1.uceprotect.net 127.0.0.* score 4
dnsbl-2.uceprotect.net 127.0.0.2 score 3
dnsbl-3.uceprotect.net 127.0.0.* score 2
i have NO CLUE any longer as why i choose those lists .. if they are alive .. if it is the right score but a lot of crap gets stopped there
SO DO NOT USE MY SETTINGS
and i see nothing wrong in useing spamdonkey with 1-5
i just post tmine to show you there are other lists than spamdonkey ( i promote non before another ... )
( this is where i also sit back hold my hands over my ears and waits for someone to tell me how OFF i am in my choice
)___________________________________________________________end of the line
Re: New DNSBL designed for hMailServer
So if I understand you correctly, I add 127.0.0.0 and 127.0.0.1 to the whitelist. I add 127.0.0.2 to the greylist. And then the rest go to the blacklist?
I think I'm understanding it correctly now.
Edit, just tried setting it up that way and the greylist and whitelist don't work like that. This is how i set it up (based on how spamcop looks)
Axe
I think I'm understanding it correctly now.
Edit, just tried setting it up that way and the greylist and whitelist don't work like that. This is how i set it up (based on how spamcop looks)
- 2020-08-12.jpg (9.49 KiB) Viewed 5464 times
Re: New DNSBL designed for hMailServer
yes you understand now..Axe6st wrote: ↑2020-08-12 17:56So if I understand you correctly, I add 127.0.0.0 and 127.0.0.1 to the whitelist. I add 127.0.0.2 to the greylist. And then the rest go to the blacklist?
I think I'm understanding it correctly now.
Edit, just tried setting it up that way and the greylist and whitelist don't work like that. This is how i set it up (based on how spamcop looks)
2020-08-12.jpg
Axe
there are other mailservers ( and scripts ) that could benefit from other content in listings ( whitelist )
greylisting is putting possible smtp sender "on hold" and tell them to come back later, real mailservers will come back .. some spam applications just shoot once and if not let in then they goe to next target https://en.wikipedia.org/wiki/Greylisting_(email)
___________________________________________________________end of the line
Re: New DNSBL designed for hMailServer
So I just added 2 more entries in dnsbl for spamdonkey.com so that 127.0.0.3 has a score of 5, 127.0.0.4 has a score of 10 and 127.0.0.5 has a score of 15. And I set up greylisting as you suggested. That should be correct right?
Axe
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
Only 126.0.0.0 should be considered whitelist. 127.0.0.0 is clean, but it does not mean whitelist. 127.0.0.1 and 127.0.0.2 are greylist.
If you can, please, help to support SpamDonkey on Patron. I have now several people using the service but no support at all.
Re: New DNSBL designed for hMailServer
OK, let me see how it goes over the next few days. I already found a false positive but I believe my boss has an exchange server running out of his house so that is to be expected. I'll have to figure out how to whitelist that domain. So far my spam has totally stopped. If all works well I will definitely make a donation because you've helped me alot. Do you know how to have it go to my spam folder instead of totally rejecting it? Is that set in my spf record?
I'm not that good at this stuff, I run a tiny server for a few customers and haven't had to set up a mail server since 2012. LOL
I'm not that good at this stuff, I run a tiny server for a few customers and haven't had to set up a mail server since 2012. LOL
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
You just change the amount of points you give to each level or set a very high Spam delete threshold. If you put 1000 there, all spam will end on your spam box.
Re: New DNSBL designed for hMailServer
OK, Thank you. I don't want all spam to go there so I will play around with the numbers. I tried whitelisting my work email address and it was rejected and bounced back so I'll just go up until that mail comes through.
Thank you.
Thank you.
-
EduardoFoltran
- Normal user
- Posts: 42
- Joined: 2016-08-12 15:04
Re: New DNSBL designed for hMailServer
On with IP is your server? Let me check why it is listed.
Re: New DNSBL designed for hMailServer
No, my work email is an outside domain not connected to my server. And I think my boss is running an exchange server from his house. From what I read above that should trigger your blacklist. I set the spam threshold to 55 and set level 5 to a score of 50. Now I am getting my work emails in my spam folder, which is fine because I rarely email from work to my other e-mail address. I can just go look in spam for it. So far, I am getting NO spam in my regular inbox. I usually get about 20 per day in my inbox and about 30 per day in my spam folder and on the Imap spam folder I get alot more. So if no more false positives in the next few days I will keep this going.
Axe
Axe