MailScanner delivering SPAM messages
Damian Mendoza
damian at WORKGROUPSOLUTIONS.COM
Thu Jul 10 17:40:53 IST 2003
Hi,
I'm starting to see messages that are marked as SPAM being delivered by MailScanner - (version 4.12-2.) This only happens occasionally - The majority of SPAM messages are not delivered, just deleted which is defined in spam.actions.rules file.
Any ideas?
Maillog File = Problem Message ID = h6A04Q9G032454
Jul 9 17:03:59 spamgate MailScanner[25750]: Spam Checks: Starting
Jul 9 17:04:00 spamgate MailScanner[25750]: Message h6A03u9F032449 from 198.188.250.254 (g.ss01.net) to svusd.k12.ca.us is spam, SpamAssassin (score=4.9, required 4, BAYES_10, DCC_CHECK, EXCUSE_1, REMOVE_PAGE)
Jul 9 17:04:00 spamgate MailScanner[25750]: Spam Checks: Found 1 spam messages
Jul 9 17:04:00 spamgate MailScanner[25750]: Spam Actions: message h6A03u9F032449 actions are delete
Jul 9 17:04:00 spamgate MailScanner[25750]: Virus and Content Scanning: Starting
Jul 9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454: from=<swims-blew at kroc.com>, size=2207, class=0, nrcpts=1, msgid=<2730416505.01380945810856 at kroc.com>, proto=ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254]
Jul 9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454: to=<chuw at svusd.k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=30531, stat=queued
Jul 9 17:04:27 spamgate sendmail[32454]: h6A04Q9G032454: from=<optindeals-yh at para3ds.com>, size=6546, class=0, nrcpts=1, msgid=<1057795388.2242 at 64.119.200.139.impro6.com>, proto=ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254]
Jul 9 17:04:27 spamgate sendmail[32454]: h6A04Q9G032454: to=<garciat at svusd.k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=30487, stat=queued
Jul 9 17:04:29 spamgate MailScanner[26052]: New Batch: Forwarding 2 unscanned messages, 9748 bytes
Jul 9 17:04:29 spamgate MailScanner[26052]: Spam Checks: Starting
Jul 9 17:04:30 spamgate MailScanner[26052]: Message h6A04Q9G032454 from 198.188.250.254 (para3ds.com) to svusd.k12.ca.us is spam, SpamAssassin (score=15.8, required 4, BAYES_80, DCC_CHECK, EXCUSE_1, EXCUSE_19, EXCUSE_3, HIDE_WIN_STATUS, HTML_70_80, HTML_IMAGE_ONLY_06, HTML_TAG_EXISTS_TBODY, HTML_WEB_BUGS, MIME_HEADER_CTYPE_ONLY, MIME_HTML_ONLY, NORMAL_HTTP_TO_IP, OFFER, OFFERS_ETC, RECEIVE_OFFER)
Jul 9 17:04:31 spamgate MailScanner[26052]: Spam Checks: Found 1 spam messages
Jul 9 17:04:31 spamgate MailScanner[26052]: Spam Actions: message h6A04Q9G032454 actions are delete
Jul 9 17:04:31 spamgate MailScanner[26052]: Unscanned: Delivered 1 messages
Jul 9 17:04:31 spamgate MailScanner[26052]: Virus and Content Scanning: Starting
Jul 9 17:04:32 spamgate sendmail[32466]: h6A04Q9F032454: to=<chuw at svusd.k12.ca.us>, delay=00:00:05, xdelay=00:00:01, mailer=esmtp, pri=120531, relay=[10.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <2730416505.01380945810856 at kroc.com> Queued mail for delivery)
Header Information = Message ID = h6A04Q9F032454 (No SPAM header information included - not sure why)
Microsoft Mail Internet Headers Version 2.0
Received: from spamgate.spamgate.us ([198.188.250.11]) by doexchange.svusd.net with Microsoft SMTPSVC(5.0.2195.5329);
Wed, 9 Jul 2003 17:04:36 -0700
Received: from svusd.k12.ca.us (gateway.svusd.k12.ca.us [198.188.250.254])
by spamgate.spamgate.us (8.12.5/8.12.5) with ESMTP id h6A04Q9F032454
for <chuw at svusd.k12.ca.us <mailto:chuw at svusd.k12.ca.us>>; Wed, 9 Jul 2003 17:04:27 -0700
Received: from 24.203.227.247 ([24.203.227.247]) by gateway.svusd.k12.ca.us with SMTP id <119056>; Wed, 9 Jul 2003 14:04:29 -1000
Date: Thu, 10 Jul 2003 14:34:01 GMT
From: Vballoons Gballota <swims-blew at kroc.com <mailto:swims-blew at kroc.com>>
To: chuw at svusd.k12.ca.us <mailto:chuw at svusd.k12.ca.us>
X-Priority: 3 (Normal)
Message-ID: <2730416505.01380945810856 at kroc.com <mailto:2730416505.01380945810856 at kroc.com>>
Subject: Young gays (C76M6ZQUON below)
MIME-Version: 1.0
Content-type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Accept-Language: en-us, en
X-Mailer: Gnus v5.7/Emacs 20.17
X-Priority: 3 (Normal)
Return-Path: swims-blew at kroc.com <mailto:swims-blew at kroc.com>
X-OriginalArrivalTime: 10 Jul 2003 00:04:36.0100 (UTC) FILETIME=[D9394440:01C34676]
Workgroup Solutions
20532 El Toro Rd, Suite 107
Mission Viejo, CA 92692
949 586-2200
Developers of SpamGate -
MXTreme - Stop SPAM at the Gateway with the MXTreme Appliance Stop SPAM today at the Gateway!
PacketShaper - Bandwidth Management for your network
Centurion Guard - Write protect your desktop computers
More information about the MailScanner
mailing list