Weired Spam
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Aug 5 22:23:13 IST 2003
It's not running the virus checks either. What setting do you have for
"Virus Scanning" in MailScanner.conf (+ any related rulesets of course,
please). Also, what is "Spam Checks" set to?
At 22:28 05/08/2003, you wrote:
>Hi all,
>
>Could someone tell me how this spam is getting through?
>I am having to block IP ranges to stop it. But, I am just curious if anyone of
>you knows how this spammer is tricking MS to not run spam checks. Or, if there
>is anything that I can tweak to stop it from slipping through.
>
>Here is the spam:
>
>Note: Avsmtp01 is mail gatway
> sunmuw1 is my mailserver
>
>*****************************
>
>Return-Path: <hkew2002 at yahoo.com.hk>
>Received: from avsmtp01.muw.edu (avsmtp01.MUW.Edu [192.231.29.4])
> by sunmuw1.muw.edu (8.11.6/8.11.6) with ESMTP id h75LAXD31167;
> Tue, 5 Aug 2003 16:10:33 -0500
>Received: from x ([61.93.74.68])
> by avsmtp01.muw.edu (8.12.8/8.12.8) with SMTP id h75KnOcO023594;
> Tue, 5 Aug 2003 15:49:26 -0500
>Date: Tue, 5 Aug 2003 15:49:24 -0500
>Received: from mail
> by saturn.seed.net.tw with SMTP id flr7ms0YXcutjJe2HdAA;
> Wed, 06 Aug 2003 04:53:54 +0800
>Message-ID: <rmFgV85bpBGdDy at giga.net.tw>
>From: hkew2002 at yahoo.com.hk
>To: \HK033.TXT at avsmtp01.muw.edu, \HK001.TXT at avsmtp01.muw.edu,
> \HK002.TXT at avsmtp01.muw.edu, \HK003.TXT at avsmtp01.muw.edu,
> \HK004.TXT at avsmtp01.muw.edu, \HK005.TXT at avsmtp01.muw.edu,
> \HK006.TXT at avsmtp01.muw.edu, \HK007.TXT at avsmtp01.muw.edu,
> \HK008.TXT at avsmtp01.muw.edu, \HK009.TXT at avsmtp01.muw.edu,
> \HK010.TXT at avsmtp01.muw.edu, \HK011.TXT at avsmtp01.muw.edu,
> \HK012.TXT at avsmtp01.muw.edu, \HK013.TXT at avsmtp01.muw.edu,
> \HK014.TXT at avsmtp01.muw.edu, \HK015.TXT at avsmtp01.muw.edu,
> \HK016.TXT at avsmtp01.muw.edu, \HK017.TXT at avsmtp01.muw.edu,
> \HK018.TXT at avsmtp01.muw.edu, \HK019.TXT at avsmtp01.muw.edu,
> \HK020.TXT at avsmtp01.muw.edu, \HK021.TXT at avsmtp01.muw.edu,
> \HK022.TXT at avsmtp01.muw.edu, \HK023.TXT at avsmtp01.muw.edu,
> \HK024.TXT at avsmtp01.muw.edu, \HK025.TXT at avsmtp01.muw.edu,
> \HK026.TXT at avsmtp01.muw.edu, \HK027.TXT at avsmtp01.muw.edu,
> \HK028.TXT at avsmtp01.muw.edu, \HK029.TXT at avsmtp01.muw.edu,
> \HK030.TXT at avsmtp01.muw.edu, \HK031.TXT at avsmtp01.muw.edu,
> \HK032.TXT at avsmtp01.muw.edu
>Subject:
>=?big5?Q?=A5~=B6=D7=A1B=B6=C0=AA=F7=A1B=A5=D5=BB=C8=A1B=AA=D1=B2=BC=A7=DE=B3N=A8=AB=B6=D5=A7=EB=B8=EA=A5=FE=A7=F0=B2=A4
> =B6g=A4@=B0]=B8g=AEy=BD=CD=B7|?=
>MIME-Version: 1.0
>Content-type: multipart/mixed;
>boundary="__MailScanner_found_Cyrus_boundary_substring_problem__"
>X-Mailer: swFfgvA2gSn0ZvjbBqECkw55zHSfr
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-MailScanner: Found to be clean, Not scanned: please contact your Internet
>E-Mail Service Provider for details
>X-MailScanner-Information: Please contact the ISP for more information
>
>
>This is a multi-part message in MIME format.
>
>--__MailScanner_found_Cyrus_boundary_substring_problem__
>Content-Type: multipart/alternative;
> boundary="----=_NextPart_83t8Wg3xbHcq9PFxhaAA"
>
>------=_NextPart_83t8Wg3xbHcq9PFxhaAA
>Content-Type: text/plain;
>Content-Transfer-Encoding: quoted-printable
>
>=AD^=AC=D3=AA=F7=BF=C4=B6=B0=B9=CE(=AD=BB=B4=E4)=A6=B3=AD=AD=A4=BD=A5q-=A5~=
>=B6=D7=A5=E6=A9=F6=B0=D3=B5P=B7=D3:FXT000040
>=AD^=AC=D3=AA=F7=B7~=A7=EB=B8=EA=A6=B3=AD=AD=A4=BD=A5q-(=AD^=AC=D3=B6=B0=B9=
>=CE=A6=A8=AD=FB)
>
>=A5~=B6=D7=A1B=B6=C0=AA=F7=A1B=A5=D5=BB=C8=A1B=AA=D1=B2=BC=A7=DE=B3N=A8=AB=
>=B6=D5=A7=EB=B8=EA=A5=FE=A7=F0=B2=A4 =B6g=A4@=B0]=B8g=AEy=BD=CD=B7|=09
>
>=B6g=A4@=AEy=BD=CD=B7|=A9l=B3=D0=A9=F31997=A6~7=A4=EB=A1A=B6W=B9L270=B3=F5=
>=C1=BF=AEy=A1A=B3=F5=B3=F5=BA=A1=AEy=A1C=BCs=B5=B2=A8}=BDt=A1A=AC=B0=A7=EB=
>=B8=EA=AA=CC=AB=FC=C2I=B0g=ACz=A1A=B9=F0=B3=D0=A8=CE=C1Z=A1C=BD=F1=A4J6=B6g=
>=A6~=A1A=A5[=B1j=B0}=AEe=A1A=B4=A3=A4=C9=A7=EB=B8=EA=A6^=B3=F8=B2v=A1A=AC=
>=B0=A7K=A6V=B6=A8=A1A=B1q=B3t=ADq=AEy=A1C
>
>=A9=B9=C1Z=A6^=C5U=A1G
>1997=A6~=A6=A8=A5\=B9w=B4=FA=AA=F7=BF=C4=AD=B7=BC=C9=A8=D3=C1{=A1A=B7=ED=A6=
>~=B9w=B4=FA=AA=D1=A5=AB=A4=CE=BC=D3=A5=AB=B7|=A4U=B6^30%=A1C
>1998=A6~=AB=D8=C4=B3=AB=C8=A4=E1=F9=DA=AB=FC7000=C2I=B6R=A4J=F9=DA=A5=CD=BB=
>=C8=A6=E6=A1B=A9M=B6=C0=A1B=A4=A4=ABH=AE=F5=B4I=A1C
>1999=A6~=AB=D8=C4=B3=AB=C8=A4=E1=AA=F8=B4=C1=B6R=A4J=B6=C0=AA=F7=A1A=B6R=A4=
>J=ABa=ADx=AC=EC=A7=DE=A1B=B3=D0=AC=EC=B9=EA=B7~=A1B=AAF=A4=E8=A4=E9=B3=F8=
>=A1C
>2000=A6~=A6=A8=A5\=B9w=B4=FA=AC=FC=B0=EA=AC=EC=BA=F4=AA=D1=AAw=AAj=C3z=AF}=
>=A1C
>2001=A6~=AB=D8=C4=B3=AB=C8=A4=E1=AA=F8=BDu=B6R=A4J=BFD=A4=B8=A4=CE=AF=C3=A4=
>=B8=A1B=A5=D5=BB=C8=A1C
>2002=A6~=AB=D8=C4=B3=AB=C8=A4=E1=A4j=A4=E2=A7l=A4J=B6=C0=AA=F7=A4=CE=BC=DA=
>=C3=B9=A1C
>2003=A6~1=A4=EB=AE=C9=BFW=AEa=B1=C0=A4=B6=A4=D3=A5j=ACv=A6=E6A=A1B=A4E=C0s=
>=AD=DC=A1B=A5[=A4=B8=A1B=A5=D5=BB=C8=A1B=BC=DA=C3=B9=B7=E7=A4h=A5=E6=A4e=BD=
>L=A1B=BFD=ACw=A4=E9=A4=B8=A4e=BDL=A1C
>
>=A5=BC=A8=D3=B1=B4=AF=C1=A1G
>1.=B1=D0=A7A=A6p=A6=F3=A7Q=A5=CE=A4Q=A6~=AE=C9=B6=A1=A1A=A7=EB=B8=EA=A6^=B3=
>=F8=B2v=B0=AA=B9F1000=AD=BF=AA=BA=A7=EB=B8=EA=B5=A6=B2=A4=A1C
>2.=AD=E5=AAR=C1=C8=BF=FA=A4=A7=AF=AB=A1A=C1=C8=BF=FA=A4=DF=AAk=A1A=B2=B4=A5=
>=FA=A1A=AD@=A9=CA=A1A=AE=C9=BE=F7=A4=A7=B4x=B4=A4=A1C
>3.=B1M=AEa=B1=D0=A7A=A1A=A4=FB=A5=D6=A4W=B8=A8=A5=AB=AA=A3=AAi=B4T=A1A=A8C=
>=ACP=B4=C1=C1=C8=A8=FA=B9s=A5=CE=BF=FA=A1C
>4.=A6p=A6=F3=A7Q=A5=CE=B3f=B9=F4=A9=CE=AA=D1=B2=BC=B1=BE=B3=A8=C1=C8=A8=FA=
>=B0=AA=AE=A7=A1C
>5.=A6p=A6=F3=A7Q=A5=CE=F9=DA=AB=FC=BB{=AAf=BD=FC=A4=CE=BB{=C1=CA=BD=FC=A1A=
>=A4M=A5J=BF=F7=A4j=BE=F0=A1C
>6.=B6R1 3=B8=B9=A9M=B6=C0=A1A=A7=F5=B9=C5=B8=DB=A5=FD=A5=CD=BE=CC=A7=C0=B9B=
>=A6=A8=A5@=AC=C9=AD=BA=B4I=A1C
>7.=B6=C0=AA=F7=A4=FB=A5=AB=A4v=B1=D2=B0=CA=A1A=B6R=AA=F7=A5i=ABO=AD=C8=A1C
>8.=B0=B5=A8=AC=B7=C7=B3=C6=A5\=A4=D2=A1A=AA=EF=B1=B5=A5=D5=BB=C8=A4j=A4=FB=
>=A5=AB=A1A=C1=C8=A8=FA3=AD=BF=A7Q=BF=FA=A1C
>9.=B1M=B7~=A4=C0=AAR=BC=DA=C3=B9=A1B=A4=E9=A4=B8=A1B=AD^=C2=E9=A1B=B7=E7=A4=
>h=AAk=AD=A6=A1B=BFD=A4=B8=A1B=AF=C3=A4=B8=A1B=A5[=A4=B8=A1B=B6=C0=AA=F7=A1B=
>=A5=D5=BB=C8=A1A=A8C=B6g=A5=AB=B3=F5=A8=AB=B6=D5=A1A=A7=D6=A4H=A4@=A8B=A1A=
>=AC}=B1x=A5=FD=BE=F7=A1C
>
>=C1=BF=AA=CC=A1G=B1i=B7=D8=ACu=A5=FD=A5=CD=A1i=AD^=AC=D3=AA=F7=BF=C4=B6=B0=
>=B9=CE(=AD=BB=B4=E4)=A6=B3=AD=AD=A4=BD=A5q=C1`=B5=F4=A1j=AD=DD=A1i=B8=EA=B2=
>`=A7=EB=B8=EA=B5=FB=BD=D7=AD=FB=A1j=A4w=B1q=A8=C6=A5~=B6=D7=A1B=B6=C0=AA=F7=
>=A5=E6=A9=F6=A4G=A4Q=A6~=B8g=C5=E7
> =A4=FD=B2=D0=A4=E5=A5=FD=A5=CD=A1i=AD^=AC=D3=AA=F7=BF=C4=B6=B0=
>=B9=CE(=AD=BB=B4=E4)=A6=B3=AD=AD=A4=BD=A5q=B0=AA=AF=C5=B0=C6=C1`=B5=F4=A1j=
>=AD=DD=A1i=AD^=AC=D3=C3=D2=A8=E9(=AD=BB=B4=E4)=A6=B3=AD=AD=A4=BD=A5q=C0=E7=
>=B7~=B8g=B2z=A1j=A4w=B1q=A8=C6=A5~=B6=D7=A1B=AA=D1=B2=BC=A5=E6=A9=F6=A4Q=BE=
>l=A6~=B8g=C5=E7
>=A4=E9=B4=C1=A1G2003=A6~8=A4=EB13=A4=E9=B3{=ACP=B4=C1=A4@=B1=DF=A4W(=B0=B2=
>=B4=C1=B0=A3=A5~)
>=AE=C9=B6=A1=A1G=B1=DF=A4W=A4C=AE=C9=A4T=A4Q=A4=C0=A6=DC=A4E=AE=C9=A4T=A4Q=
>=A4=C0
>=A6a=C2I=A1G=AD=BB=B4=E4=C6W=A5J=B0a=A5=A7=B8=D6=B9D288=B8=B9=AD^=AC=D3=B6=
>=B0=B9=CE=A4=A4=A4=DF23=BC=D3
>=B6O=A5=CE=A1G=A8C=B0=F3=B4=E4=B9=F440=A4=B8=A5=BF
>=AFd=AEy=B9q=B8=DC=A1G8105 8580=B6=C0=A5=FD=A5=CD
>
>=AD=B7=C0I=C1n=A9=FA=A1G=A7=EB=B8=EA=AA=CC=C0=B3=A9=FA=A5=D5=A8=EC=A5~=B6=
>=D7=A5=AB=B3=F5=AA=BA=AC=D5=C1=AB=AD=B7=C0I=A1A=A9=D2=AD=B1=B9=EF=AA=BA=B7l=
>=A5=A2=A5i=AF=E0=B7|=B0=AA=A9=F3=A5I=A5X=AA=BA=ABO=C3=D2=AA=F7=C3B=A1A=A5=
>=AB=B3=F5=AD=B7=C0I=A4=A3=A4@=A9w=AF=E0=A6b=B9w=ADp=A4=A7=A4=BA=A1A=BAb=B1=
>=EC=A6=A1=A5~=B6=D7=A5=E6=A9=F6=B0=D3=A8=C3=A4=A3=AF=E0=B9=EF=A7=EB=B8=EA=
>=AA=CC=A9=D2=AD=B1=B9=EF=AA=BA=AD=B7=C0I=A7@=A5X=ABO=C3=D2=A1C
>
>------=_NextPart_83t8Wg3xbHcq9PFxhaAA--
>
>--__MailScanner_found_Cyrus_boundary_substring_problem__
>Content-Type: application/octet-stream;
> name="C:\Documents and
> Settings\Administrator\®à±\¶g¤@°]¸g®y½Í·|.DOC"
>Content-Transfer-Encoding: base64
>Content-Disposition: attachment;
> filename="¶g¤@°]¸g®y½Í·|.DOC"
>
>**********************************************
>
>What in the world is HK*.TXT@ ...? There are not such users.
>
>Thanks for any insights
>Marco
>
>_________________________________________________________________
>This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail
>For the latest MUW Events, visit http://www.MUW.Edu/calendar
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list