TLD blocked in Blacklisted Email, still getting mail

ssgill

Hello, I have blocked .top "*@*.top" in blacklisted e-mails in SpamAssassin setup but am still receiving email. Can someone look at the headers and explain what could be the issue? Using latest version.
Spam Score Low 5.0


Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from matrix.mydomain.com
by matrix.mydomain.com with LMTP
id CFtBKcWa5Ga7xjQAkCKiFQ
(envelope-from <[email protected]>)
for <[email protected]>; Fri, 13 Sep 2024 14:04:21 -0600
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Fri, 13 Sep 2024 14:04:21 -0600
Received: from out208-136.dm.aliyun.com ([140.205.208.136])
by matrix.mydomain.com with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98)
(envelope-from <[email protected]>)
id 1spCWi-0000000EW0I-2pwV
for [email protected];
Fri, 13 Sep 2024 14:04:21 -0600
X-AliDM-RcptTo: c2FsZXNAbWF0cml4b3JiaXRhbC5jb20=
Feedback-ID: default:[email protected]:batch:265526
Received: from iz8vb5iv69mudwqfctc2b7z(mailfrom:[email protected] fp:SMTPD_-VHcCls.5H1 cluster:AY35D)
by smtpdm.aliyun.com(127.0.0.1);
Sat, 14 Sep 2024 04:04:16 +0800
X-EnvId: 600000112856691919
Date: Sat, 14 Sep 2024 04:04:16 +0800
To: [email protected]
From: Nina Zhang +Electronic components sources <[email protected]>
Reply-To: Nina Zhang +Electronic components sources <[email protected]>
Subject: Electronic Component ,Do you still looking for?
Message-ID: <438b6101-14c0-5306-0b97-66e49aa51d36@wheat>
X-Mailer: Microsoft Office Outlook 12.0
51WHEATSEARCH-MESSAGE-ID: 438b6101-14c0-5306-0b97-66e49aa51d36@wheat
List-Unsubscribe: <https://track.51wheatsearch.com/tra...JlbnYiOiJwcm8iLCJlbWFpbElkIjoiNzk5NzU5NDM5In0>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
X-SMTPAPI: {"unique_args":{"env":"pro","emailId":"799759439"}}
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 140.205.208.136, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-Spam-Score: 5.4 (+++++)
X-Spam-Report: Spam detection software, running on the system "matrix.mydomain.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: "Introducing Hong Kong Delsheng Electronics Co., Ltd - Your
Trusted Partner for Electronic Component Distribution" Buyers,
Content analysis details: (5.4 points, 10.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/, no
                            trust
                            [140.205.208.136 listed in list.dnswl.org]
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.4999]
 1.5 HTML_IMAGE_ONLY_20     BODY: HTML: images with 1600-2000 bytes of words
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
 2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
 0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
 0.1 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
SpamTally: Final spam score: 14
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

Thanks
 
Seems this is your issue:
Code:
[140.205.208.136 listed in list.dnswl.org]
And it's getting passed because dnswl.org is a whitelist and Exim is using that list.

There are a few things you can do, like write a complaint to DNSWL or to the mailserver owning this IP.
IP address 140.205.208.136 is whitelisted at dnswl.org with the following details:
DNSWL Id: 40923; Domain: aliyun.com; Sec. Domains: ; Category: Email Marketing Provider (127.0.0.x); Country: HK

An IP whois looks like it's related to Alibaba.
You could try sending them a spam complaint.
[email protected]

Another method is to disable the dnswl.org list in Exim; however, that might result in blockage of correct big mailservers when for some reason some spam is sent.
 
Thanks for the reply, but my understanding was that if I block a domain on my end in SpamAssassin then that should overwrite everything else. Even if the domain passes all the tests, if SpamAssassin is told to mark any email coming from the domain as spam then it should be marked as spam.
Thanks
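
An added example, not part of the thread and not SpamAssassin's own code: it parses the rule table of the X-Spam-Report posted above and reports whether a blocklist rule fired, how many points the DNSWL rule contributed, and whether the total reached the required score. The report text is copied from the post; USER_IN_BLACKLIST and USER_IN_BLOCKLIST are the rule names SpamAssassin lists when a blacklist_from or blocklist_from entry matches.

```python
import re

# Constructed sample: rule lines copied from the X-Spam-Report in the post above.
REPORT = """\
Content analysis details: (5.4 points, 10.0 required)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no
trust
[140.205.208.136 listed in list.dnswl.org]
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4999]
1.5 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
"""

RULE_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\b")
SUMMARY = re.compile(r"\(([-\d.]+) points, ([-\d.]+) required\)")
# Rule names listed in the report when a blacklist_from / blocklist_from entry matches.
BLOCK_RULES = {"USER_IN_BLACKLIST", "USER_IN_BLOCKLIST"}

def parse_report(text):
    """Return (hits, total, required); hits maps rule name -> points."""
    hits = {}
    total = required = None
    for line in text.splitlines():
        m = SUMMARY.search(line)
        if m:
            total, required = float(m.group(1)), float(m.group(2))
            continue
        m = RULE_LINE.match(line)  # wrapped description lines do not match
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits, total, required

def diagnose(text):
    hits, total, required = parse_report(text)
    return {
        "blocklist_rule_fired": bool(BLOCK_RULES & hits.keys()),
        "dnswl_points": hits.get("RCVD_IN_DNSWL_NONE"),
        "sum_of_rules": round(sum(hits.values()), 1),
        "reported_total": total,
        "flagged_as_spam": total is not None and total >= required,
    }
```

Run against the posted report, `diagnose(REPORT)` shows no blocklist rule among the hits, the DNSWL rule at -0.0 points, and a total of 5.4 against a required score of 10.0.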
 