Sudden surge in spam

Plant, Dean dean.plant at ROKE.CO.UK
Wed Aug 27 12:25:32 IST 2003


Make sure you have the below options enabled in /etc/MailScanner.conf if you
want to see detailed spam reports.

# Do you want the full spam report, or just a simple "spam / not spam" report?
Detailed Spam Report = yes

# Do you want to include the numerical scores in the detailed SpamAssassin
# report, or just list the names of the scores
Include Scores In SpamAssassin Report = yes

Dean.

-----Original Message-----
From: James Pifer [mailto:mailscannerlist at TNJINFL.COM]
Sent: 27 August 2003 12:22
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Sudden surge in spam


Like a dummy, I deleted those emails in question from this morning. I'll
compare the next ones to the headers you sent. In the header I looked at
this morning I don't remember seeing an X-MailScanner-SpamCheck, which
my messages marked as spam have. The next set I get in I'll check the
headers and not delete them... :-(

Thanks,
James

On Wed, 2003-08-27 at 06:42, Plant, Dean wrote:
> James,
>
> I am running a similar setup as you except I'm using DCC and not using
> Pyzor.
>
> Here is a copy of a header for the "Take advantage of lower interest
> rates" spam on my system.
>
> Subject: {Spam?} Take advantage of lower interest rates
> Date: Wed, 27 Aug 2003 06:28:14 -0400
> MIME-Version: 1.0
> Content-Type: text/html; charset="ISO-8859-1"
> X-Priority: 3
> X-Mailer: mxMAILPro
> Abuse2-Tracking: <cmRiQHJva2UuY28udWs=>
> X-MailScanner-rsys001x: Found to be clean
> X-MailScanner-rsys001x-SpamCheck: spam, SpamAssassin (score=20.3, required 5,
>         BAYES_80 2.86, BULK_EMAIL 1.84, COMPLETELY_FREE 1.10, DCC_CHECK 2.63,
>         FROM_NUM_AT_WEBMAIL 2.90, HTML_30_40 0.63, HTML_FONT_BIG 0.22,
>         HTML_FONT_COLOR_RED 0.10, HTML_WEB_BUGS 0.10,
>         HTTP_USERNAME_USED 0.66, LOW_INTEREST 2.29, MIME_HTML_ONLY 0.10,
>         NORMAL_HTTP_TO_IP 0.70, THE_BEST_RATE 2.93, USERPASS 1.30)
> X-MailScanner-rsys001x-SpamScore: ssssssssssssssssssss
>
> Hope this helps
>
> Dean Plant.
>
>
> -----Original Message-----
> From: James Pifer [mailto:mailscannerlist at TNJINFL.COM]
> Sent: 27 August 2003 11:30
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Sudden surge in spam
>
>
> No, these aren't Sobigs. I've been getting those for a couple weeks and
> MailScanner has been tagging those. As a matter of fact I just changed
> Sobig to be silent last week, so I don't even see them now.
>
> The messages are like:
> I Can Show You How To Lose WeightZIJSDRL
> Take advantage of lower interest rates
> Get prescriptions overnight and online dulpbnez atjeq
>
> That's just 3 of the 8 I have in my inbox this morning. In the headers
> it has "X-MailScanner:Found to be clean". There are also about a dozen
> spams in the mailbox that MailScanner forwards spam to, so it's still
> working. Just don't understand why all of a sudden some is getting
> through.
>
> Thanks,
> James
>
> On Tue, 2003-08-26 at 21:46, Hack Hawk wrote:
> > Do the subjects of that spam contain phrases like "Wicked Screensaver" or
> > "My Details"?  You're probably starting to receive emails from SoBig
> > infected systems.
> >
> > All these emails were tagged as spam on my systems simply because .pif
> > attachments receive a +4 rating or something like that.  :)
> >
> > At 06:38 PM 8/26/03, James Pifer wrote:
> > >Got no responses on this. Anyone else have an increase of spam today? I
> > >had 9 this morning get into my Inbox and 5 more by this evening, but
> > >some are getting caught.
> > >
> > >Something I should be looking at specifically?
> > >
> > >Thanks,
> > >James
> > >
> > >On Tue, 2003-08-26 at 06:36, James Pifer wrote:
> > > > The last few days I've been getting a bit of spam each day, like one
> > > > maybe two messages on my main account. Then this morning I had 9 spams
> > > > in my inbox.
> > > >
> > > > Everything appears to be working normally as far as I can tell. I
> > > > restarted MailScanner just in case. I'm running:
> > > > MailScanner 4.21-9
> > > > SpamAssassin 2.55-1
> > > > Pyzor 0.4.0
> > > > Razor 2.34
> > > > F-Prot
> > > > ClamAV
> > > >
> > > > Anyone else seeing this?
> > > > What's the best way to tell if everything is working, maillog?
> > > > How can I tell that Pyzor and Razor are being used correctly?
> > > >
> > > > I know it's at least partially working since I have spam forwarded to a
> > > > specific mailbox, and it has new messages in it.
> > > >
> > > > Thanks,
> > > > James
>
> --
> Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell,
> Berkshire. RG12 8FZ
>
> The information contained in this e-mail and any attachments is confidential to
> Roke Manor Research Ltd and must not be passed to any third party without
> permission. This communication is for information only and shall not create or
> change any contractual relationship.

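
Added example, not part of the original thread and not MailScanner code: a small Python check for the two cases discussed above. It parses the detailed SpamCheck header Dean posted into per-rule scores and lists which network tests fired, and it returns None for a message that carries no SpamCheck header, which is what James saw. The function name and the RAZOR2_ and PYZOR_ rule-name prefixes are assumptions; DCC_CHECK is the rule shown in Dean's header.

```python
import email
import re

# Header as posted by Dean in this thread (line folding restored).
TAGGED = """\
Subject: {Spam?} Take advantage of lower interest rates
X-MailScanner-rsys001x: Found to be clean
X-MailScanner-rsys001x-SpamCheck: spam, SpamAssassin (score=20.3, required 5,
\tBAYES_80 2.86, BULK_EMAIL 1.84, COMPLETELY_FREE 1.10, DCC_CHECK 2.63,
\tFROM_NUM_AT_WEBMAIL 2.90, HTML_30_40 0.63, HTML_FONT_BIG 0.22,
\tHTML_FONT_COLOR_RED 0.10, HTML_WEB_BUGS 0.10,
\tHTTP_USERNAME_USED 0.66, LOW_INTEREST 2.29, MIME_HTML_ONLY 0.10,
\tNORMAL_HTTP_TO_IP 0.70, THE_BEST_RATE 2.93, USERPASS 1.30)

body
"""
# Constructed sample of the case James describes: scanned, no SpamCheck header.
MISSED = "Subject: Get prescriptions overnight\nX-MailScanner: Found to be clean\n\nbody\n"

# Assumption: rule names of the DCC, Razor2 and Pyzor tests start with these.
NETWORK_PREFIXES = ("DCC_", "RAZOR2_", "PYZOR_")
RULE = re.compile(r"\b([A-Z][A-Z0-9_]+) (-?\d+\.\d+)")
TOTAL = re.compile(r"score=(-?[\d.]+), required (-?[\d.]+)")

def spamcheck_report(raw_message):
    """Return parsed SpamCheck details, or None if the header is absent."""
    msg = email.message_from_string(raw_message)
    for name, value in msg.items():
        low = name.lower()
        # Matches X-MailScanner-SpamCheck and the site-named form Dean's host uses.
        if low.startswith("x-mailscanner") and low.endswith("-spamcheck"):
            break
    else:
        return None
    text = " ".join(value.split())  # unfold continuation lines
    rules = {n: float(s) for n, s in RULE.findall(text)}
    total = TOTAL.search(text)
    return {
        "is_spam": text.lower().startswith("spam"),
        "score": float(total.group(1)) if total else None,
        "required": float(total.group(2)) if total else None,
        "rules": rules,
        "rule_sum": round(sum(rules.values()), 2),
        "network_hits": [n for n in rules if n.startswith(NETWORK_PREFIXES)],
    }

if __name__ == "__main__":
    for label, raw in (("tagged", TAGGED), ("missed", MISSED)):
        print(label, spamcheck_report(raw))
```

Per-rule scores are only present when both options Dean lists are set to yes; with the simple report the rules dictionary comes back empty.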


