Some spam getting through for some odd reason

Sun Jul 13 20:30:41 IST 2003

The following is an example of a SPAM message being delivered to an end user when the action is delete. You can see the message was delivered to the end user without the SPAM header information. Message ID "h6A04Q9F032454"

Maillog file:

Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454: from=<swims-blew at kroc.com>, size=2207, class=0, nrcpts=1, msgid=<2730416505.01380945810856 at kroc.com>, proto=ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254]
Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454: to=<chuw at svusd.k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=30531, stat=queued
Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9G032454: from=<optindeals-yh at para3ds.com>, size=6546, class=0, nrcpts=1, msgid=<1057795388.2242 at 64.119.200.139.impro6.com>, proto=ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254]
Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9G032454: to=<garciat at svusd.k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=30487, stat=queued
Jul  9 17:04:29 spamgate MailScanner[26052]: New Batch: Forwarding 2 unscanned messages, 9748 bytes 
Jul  9 17:04:29 spamgate MailScanner[26052]: Spam Checks: Starting 
Jul  9 17:04:30 spamgate MailScanner[26052]: Message h6A04Q9G032454 from 198.188.250.254 (para3ds.com) to svusd.k12.ca.us is spam, SpamAssassin (score=15.8, required 4, BAYES_80, DCC_CHECK, EXCUSE_1, EXCUSE_19, EXCUSE_3, HIDE_WIN_STATUS, HTML_70_80, HTML_IMAGE_ONLY_06, HTML_TAG_EXISTS_TBODY, HTML_WEB_BUGS, MIME_HEADER_CTYPE_ONLY, MIME_HTML_ONLY, NORMAL_HTTP_TO_IP, OFFER, OFFERS_ETC, RECEIVE_OFFER) 
Jul  9 17:04:31 spamgate MailScanner[26052]: Spam Checks: Found 1 spam messages 
Jul  9 17:04:31 spamgate MailScanner[26052]: Spam Actions: message h6A04Q9G032454 actions are delete 
Jul  9 17:04:31 spamgate MailScanner[26052]: Unscanned: Delivered 1 messages 
Jul  9 17:04:31 spamgate MailScanner[26052]: Virus and Content Scanning: Starting 
Jul  9 17:04:32 spamgate sendmail[32466]: h6A04Q9F032454: to=<chuw at svusd.k12.ca.us>, delay=00:00:05, xdelay=00:00:01, mailer=esmtp, pri=120531, relay=[10.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <2730416505.01380945810856 at kroc.com> Queued mail for delivery)

Header Information from Message:

by spamgate.spamgate.us (8.12.5/8.12.5) with ESMTP id h6A04Q9F032454
 for <chuw at svusd.k12.ca.us>; Wed, 9 Jul 2003 17:04:27 -0700
Received: from 24.203.227.247 ([24.203.227.247]) by gateway.svusd.k12.ca.us with SMTP id <119056>; Wed, 9 Jul 2003 14:04:29 -1000
Date:  Thu, 10 Jul 2003 14:34:01 GMT
From: Vballoons Gballota <swims-blew at kroc.com>
To: chuw at svusd.k12.ca.us
X-Priority: 3 (Normal)
Message-ID: <2730416505.01380945810856 at kroc.com>
Subject: Young gays (C76M6ZQUON below)
MIME-Version: 1.0
Content-type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Accept-Language: en-us, en
X-Mailer: Gnus v5.7/Emacs 20.17
X-Priority: 3 (Normal)
Return-Path: swims-blew at kroc.com
X-OriginalArrivalTime: 10 Jul 2003 00:04:36.0100 (UTC) FILETIME=[D9394440:01C34676]

Any ideas?

Thanks,

Damian

-----Original Message-----
From: penguin [mailto:penguin at DHCP.NET]
Sent: Friday, July 11, 2003 4:18 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Some spam getting through for some odd reason

Heya,

I occasionally seem to get a spam E-mail that gets through without being
checked
properly. If I manually pipe it through SpamAssassin, it scores unusually
high
(39.90!). Even so, both of my spam 'actions' are set to 'delete' in the
MailScanner
configuration file. Also, the E-mail lacks the MailScanner and SpamAssassin
headers
altogether..? Oddly, I don't see it in my mail.log either.

Any ideas, suggestions?

-- Arnim

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.