Some spam getting through for some odd reason

Damian Mendoza damian at WORKGROUPSOLUTIONS.COM
Mon Jul 14 19:15:29 IST 2003


Thanks for the feedback - I now believe that the message was scanned, but did not score high enough to be displayed as SPAM in my logs or the header of the message. It was a strange message with a lot of misspelled words.



-----Original Message-----
From: Kevin Spicer [mailto:kevins at BMRB.CO.UK]
Sent: Sunday, July 13, 2003 2:13 PM
Subject: Re: Some spam getting through for some odd reason

>On Sun, 2003-07-13 at 21:35, Damian Mendoza wrote:

>You are correct as it does not match. The spam check should be for
>[32466] I believe.

I'm not sure that we are clear whats going on.  I've split your supplied
log up to show the progress of the message incorrectly delivered
(h6A04Q9F032454) and ignoring the other correctly processed message
(h6A04Q9G032454)   (note the single character difference - G not F)

MESSAGE h6A04Q9F032454 (incorrectly delivered without scanning)

Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454:
from=<swims-blew at>, size=2207, class=0, nrcpts=1,
msgid=<2730416505.01380945810856 at>, proto=ESMTP, daemon=MTA, []

Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454:
to=<chuw at>, delay=00:00:00, mailer=esmtp, pri=30531,

Jul  9 17:04:31 spamgate MailScanner[26052]: Unscanned: Delivered 1

Jul  9 17:04:32 spamgate sendmail[32466]: h6A04Q9F032454:
to=<chuw at>, delay=00:00:05, xdelay=00:00:01,
mailer=esmtp, pri=120531, relay=[] [], dsn=2.0.0,
stat=Sent ( <2730416505.01380945810856 at> Queued mail for


There must be a reason why MS is ignoring these messages.  It looks like
the sender forged the server HELO to use a name in your domain (the name
and IP don't resolve to each other).  If you are whitelisting based on
domain, or have virus checking turned off for some mail (maybe
'outgoing'?) then this may explain the behaviour. Could you post your
various rulesets and the values for 'Virus Scanning' and 'Spam Checks'
from MailScanner.conf?

BMRB International
+44 (0)20 8566 5000
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our

More information about the MailScanner mailing list