Quote:
Originally Posted by SideshowBob
Whitelist it or have it bypass spam filtering.
You are emailing text that probably contains the hostnames of compromised servers, some of which may have been controlled by spammers or used for hosting malware.
There may also be anomalies in your setup that suggest it's not a well run mail server. Bear in mind that Fastmail is very lax about what they accept via their MTA and will accept things that most mail servers would reject outright.
Correct - it's definitely the bad SSH attempts with the reverse DNS pointing at compromised hosts.
Here's a snippet of the spam hits header:
Code:
X-Spam-score: 8.7
X-Spam-hits: BAYES_00 -1.9, ME_FROM_EQ_TO 0.01, ME_NOAUTH 0.01,
ME_NOAUTH_FROM_EQ_TO 1.5, ME_VADESPAM 5, ME_ZS_CLEAN -0.001,
URIBL_DBL_SPAM 3, URI_HEX 1.122, LANGUAGES unknown, BAYES_USED user,
SA_VERSION 3.4.2
Without VADESPAM and a score threshold of 8, it'd be incredibly rare to have false positives or negatives. I've had these cronjobs and spam filtering set up for years. Only had issues since VADESPAM. I now have rules to bypass cron emails for spam.
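Added example (not part of the original post): a small parser that breaks the X-Spam-hits header quoted above into per-rule scores and recomputes the total with one rule excluded, which is how a false positive like this is usually triaged. The header text is copied from the post; the continuation-line indentation and all function names are assumptions of this example.

```python
import re

# Header values copied from the post; leading whitespace on the folded
# lines is re-added here (assumption) as it would appear in a raw message.
RAW_HEADERS = """\
X-Spam-score: 8.7
X-Spam-hits: BAYES_00 -1.9, ME_FROM_EQ_TO 0.01, ME_NOAUTH 0.01,
  ME_NOAUTH_FROM_EQ_TO 1.5, ME_VADESPAM 5, ME_ZS_CLEAN -0.001,
  URIBL_DBL_SPAM 3, URI_HEX 1.122, LANGUAGES unknown, BAYES_USED user,
  SA_VERSION 3.4.2
"""

# A rule score is a single signed decimal; "3.4.2" and "unknown" are not.
NUMBER = re.compile(r"-?\d+(?:\.\d+)?\Z")

def unfold(raw):
    """Join RFC 5322 folded continuation lines onto their header line."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)

def parse_hits(raw):
    """Return ({rule: score}, {tag: text}) from the X-Spam-hits header."""
    scores, meta = {}, {}
    for line in unfold(raw).splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "x-spam-hits":
            continue
        for item in value.split(","):
            parts = item.split()
            if len(parts) != 2:
                continue  # skip malformed entries rather than guessing
            key, val = parts
            if NUMBER.match(val):
                scores[key] = float(val)
            else:
                meta[key] = val  # informational tags, e.g. SA_VERSION 3.4.2
    return scores, meta

def total(scores, exclude=()):
    """Sum rule scores, optionally leaving out named rules."""
    return round(sum(v for k, v in scores.items() if k not in exclude), 3)

def top_contributors(scores, n=3):
    """Rules that pushed the score up the most, highest first."""
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    scores, meta = parse_hits(RAW_HEADERS)
    print("total:", total(scores))
    print("without ME_VADESPAM:", total(scores, exclude={"ME_VADESPAM"}))
    print("top contributors:", top_contributors(scores))
```
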