Where did my spam go...
Joel Colvin
joelc at CTCHOUSTON.COM
Mon Oct 28 22:09:01 GMT 2002
Not that I mind too much but my spam is disappearing. I'm using
MailScanner 4.03-1 right now but have noticed this for a while now. I'm
also using SpamAssassin.
If I have "Spam Actions" set to deliver, I get the mail marked properly
as spam. If I set the action to striphtml I never receive the mail.
Required SpamAssassin Score = 5
High SpamAssassin Score = 20
Spam Actions = striphtml
High Scoring Spam Actions = store
Here is an example from my logs. This spam scored 6.4 and was not
delivered anywhere and is not in
/var/spool/MailScanner/quarantine/DATE/spam. I see no other reference
to the sendmail ID anywhere else in my logs.
-------------start of log---------------------------
Oct 27 06:57:54 bongo sendmail[6057]: g9RCvNAH006057:
from=<wommaster123 at mandic.com.br>, size=1928, class=0, nrcpts=1,
msgid=<200210271257.g9RCvNAH006057 at bongo.MYDOMAIN.com>, proto=SMTP,
daemon=MTA, relay=host-202.153.250.196-personal-broadband.mweb.net.id
[202.153.250.196] (may be forged)
Oct 27 06:57:55 bongo MailScanner[1884]: New Batch: Scanning 1 messages,
2581 bytes
Oct 27 06:57:55 bongo MailScanner[1884]: Spam Checks: Starting
Oct 27 06:57:56 bongo MailScanner[1884]: RBL checks: g9RCvNAH006057
found in Infinite-Monkeys
Oct 27 06:57:57 bongo MailScanner[1884]: Message g9RCvNAH006057 from
202.153.250.196 (mandic.com.br) is spam according to Infinite-Monkeys,
SpamAssassin (score=6.4, required 5, CTYPE_JUST_HTML, FROM_ENDS_IN_NUMS,
HTML_50_70, HTML_FONT_FACE_ODD, HTML_WITH_BGCOLOR, LINES_OF_YELLING,
MAILTO_LINK, MAY_BE_FORGED, MSG_ID_ADDED_BY_MTA_2, SPAM_PHRASE_05_08,
TO_MALFORMED, TRACKER_ID, USER_AGENT_OE)
Oct 27 06:57:58 bongo MailScanner[1884]: Spam Checks: Found 1 spam
messages
Oct 27 06:58:00 bongo MailScanner[1884]: Spam Actions: message
g9RCvNAH006057 actions are striphtml
-------------end of log---------------------------
Anybody have ideas where to look?
Joel
More information about the MailScanner
mailing list