Sudden surge in spam

James Pifer mailscannerlist at TNJINFL.COM
Wed Aug 27 12:22:29 IST 2003 

Like a dummy, I deleted those emails in question from this morning. I'll
compare the next ones to the headers you sent. In header I looked at
this morning I don't remember seeing an X-MailScanner-SpamCheck, which
my messages marked as spam have. The next set I get in I'll check the
headers and not delete them... :-(

Thanks,
James

On Wed, 2003-08-27 at 06:42, Plant, Dean wrote:
> James,
>
> I am running a similar setup as you except im using DCC and not using Pyzor..
>
> Here is a copy of a header for the "Take advantage of lower interest rates" spam on my system.
>
> Subject: {Spam?} Take advantage of lower interest rates
> Date: Wed, 27 Aug 2003 06:28:14 -0400
> MIME-Version: 1.0
> Content-Type: text/html; charset="ISO-8859-1"
> X-Priority: 3
> X-Mailer: mxMAILPro
> Abuse2-Tracking: <cmRiQHJva2UuY28udWs=>
> X-MailScanner-rsys001x: Found to be clean
> X-MailScanner-rsys001x-SpamCheck: spam, SpamAssassin (score=20.3, required 5,
>         BAYES_80 2.86, BULK_EMAIL 1.84, COMPLETELY_FREE 1.10, DCC_CHECK 2.63,
>         FROM_NUM_AT_WEBMAIL 2.90, HTML_30_40 0.63, HTML_FONT_BIG 0.22,
>         HTML_FONT_COLOR_RED 0.10, HTML_WEB_BUGS 0.10,
>         HTTP_USERNAME_USED 0.66, LOW_INTEREST 2.29, MIME_HTML_ONLY 0.10,
>         NORMAL_HTTP_TO_IP 0.70, THE_BEST_RATE 2.93, USERPASS 1.30)
> X-MailScanner-rsys001x-SpamScore: ssssssssssssssssssss
>
> Hope this helps
>
> Dean Plant.
>
>
> -----Original Message-----
> From: James Pifer [mailto:mailscannerlist at TNJINFL.COM]
> Sent: 27 August 2003 11:30
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Sudden surge in spam
>
>
> No, these aren't Sobigs. I've been getting those for a couple weeks and
> MailScanner has been tagging those. As a matter of fact I just changed
> Sobig to be silent last week, so I don't even see them now.
>
> The messages are like:
> I Can Show You How To Lose WeightZIJSDRL
> Take advantage of lower interest rates
> Get prescriptions overnight and online dulpbnez atjeq
>
> That's just 3 of the 8 I have in my inbox this morning. In the headers
> it has "X-MailScanner:Found to be clean". There are also about a dozen
> spams in the mailbox that MailScanner forwards spam to, so it's still
> working. Just don't understand why all of the sudden some is getting
> through.
>
> Thanks,
> James
>
> On Tue, 2003-08-26 at 21:46, Hack Hawk wrote:
> > Do the subjects of that spam contain phrases like "Wicked Screensaver" or
> > "My Details"?  You're probably starting to receive emails from SoBig
> > infected systems.
> >
> > All these emails were tagged as spam on my systems simply because .pif
> > attachments receive a +4 rating or something like that.  :)
> >
> > At 06:38 PM 8/26/03, James Pifer wrote:
> > >Got no responses on this. Anyone else have an increase of spam today? I
> > >had 9 this morning get into my Inbox and 5 more by this evening, but
> > >some are getting caught.
> > >
> > >Something I should be looking at specifically?
> > >
> > >Thanks,
> > >James
> > >
> > >On Tue, 2003-08-26 at 06:36, James Pifer wrote:
> > > > The last few days I've been getting a bit of spam each day, like one
> > > > maybe two messages on my main account. Then this morning I had 9 spams
> > > > in my inbox.
> > > >
> > > > Everything appears to be working normally as far as I can tell. I
> > > > restarted MailScanner just in case. I'm running:
> > > > MailScanner 4.21-9
> > > > SpamAssassin 2.55-1
> > > > Pyzor 0.4.0
> > > > Razor 2.34
> > > > F-Prot
> > > > ClamAV
> > > >
> > > > Anyone else seeing this?
> > > > What's the best way to tell if everything is working, maillog?
> > > > How can I tell that Pyzor and Razor are being used correctly?
> > > >
> > > > I know it's at least partially working since I have spam forwarded to a
> > > > specific mailbox, and it has new messages in it.
> > > >
> > > > Thanks,
> > > > James
>
> --
> Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell,
> Berkshire. RG12 8FZ
>
> The information contained in this e-mail and any attachments is confidential to
> Roke Manor Research Ltd and must not be passed to any third party without
> permission. This communication is for information only and shall not create or
> change any contractual relationship.

More information about the MailScanner mailing list