Some spam getting through for some odd reason

Damian Mendoza damian at WORKGROUPSOLUTIONS.COM
Mon Jul 14 19:15:29 IST 2003


Kevin,

Thanks for the feedback - I now believe that the message was scanned, but did not score high enough to be displayed as SPAM in my logs or the header of the message. It was a strange message with a lot of misspelled words.


Regards,

Damian

-----Original Message-----
From: Kevin Spicer [mailto:kevins at BMRB.CO.UK]
Sent: Sunday, July 13, 2003 2:13 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Some spam getting through for some odd reason


>On Sun, 2003-07-13 at 21:35, Damian Mendoza wrote:

>You are correct as it does not match. The spam check should be for
>[32466] I believe.

I'm not sure that we are clear what's going on.  I've split your supplied
log up to show the progress of the message incorrectly delivered
(h6A04Q9F032454) and ignoring the other correctly processed message
(h6A04Q9G032454)   (note the single character difference - G not F)


MESSAGE h6A04Q9F032454 (incorrectly delivered without scanning)
<start>

Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454:
from=<swims-blew at kroc.com>, size=2207, class=0, nrcpts=1,
msgid=<2730416505.01380945810856 at kroc.com>, proto=ESMTP, daemon=MTA,
relay=gateway.svusd.k12.ca.us [198.188.250.254]

Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454:
to=<chuw at svusd.k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=30531,
stat=queued

Jul  9 17:04:31 spamgate MailScanner[26052]: Unscanned: Delivered 1
messages

Jul  9 17:04:32 spamgate sendmail[32466]: h6A04Q9F032454:
to=<chuw at svusd.k12.ca.us>, delay=00:00:05, xdelay=00:00:01,
mailer=esmtp, pri=120531, relay=[10.1.254.3] [10.1.254.3], dsn=2.0.0,
stat=Sent ( <2730416505.01380945810856 at kroc.com> Queued mail for
delivery)

<end>

There must be a reason why MS is ignoring these messages.  It looks like
the sender forged the server HELO to use a name in your domain (the name
and IP don't resolve to each other).  If you are whitelisting based on
domain, or have virus checking turned off for some mail (maybe
'outgoing'?) then this may explain the behaviour. Could you post your
various rulesets and the values for 'Virus Scanning' and 'Spam Checks'
from MailScanner.conf?






BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
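
The trace done by hand in the quoted message (following one queue ID from stat=queued to stat=Sent and spotting the MailScanner "Unscanned: Delivered" line in between) can be scripted. This is an added example, not code from the thread or from MailScanner; the log lines are abridged from the post, the last two records are constructed, and because the "Unscanned" line carries no queue ID the match is a time-window heuristic.

```python
import re
from datetime import datetime

# Log lines abridged from the thread, wrapped as posted. The two records for the
# ...G queue ID are constructed for contrast; the thread only names that ID.
SAMPLE = """\
Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454:
from=<swims-blew at kroc.com>, size=2207, class=0, nrcpts=1,
Jul  9 17:04:27 spamgate sendmail[32454]: h6A04Q9F032454:
to=<chuw at svusd.k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=30531,
stat=queued
Jul  9 17:04:31 spamgate MailScanner[26052]: Unscanned: Delivered 1
messages
Jul  9 17:04:32 spamgate sendmail[32466]: h6A04Q9F032454:
to=<chuw at svusd.k12.ca.us>, delay=00:00:05, mailer=esmtp, stat=Sent
Jul  9 17:04:40 spamgate sendmail[32454]: h6A04Q9G032454: to=<user at example.org>, stat=queued
Jul  9 17:04:55 spamgate sendmail[32470]: h6A04Q9G032454: to=<user at example.org>, stat=Sent
"""
HEAD = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([\w-]+)\[(\d+)\]: (.*)$")
QID = re.compile(r"^([0-9A-Za-z]{14}): (.*)$")   # 14-character sendmail queue ID

def records(text, year=2003):
    """Rejoin wrapped syslog lines; yield (time, program, pid, message)."""
    joined = []
    for line in text.splitlines():
        if HEAD.match(line):
            joined.append(line.strip())
        elif line.strip() and joined:
            joined[-1] += " " + line.strip()   # continuation of previous record
    for rec in joined:
        ts, _host, prog, pid, msg = HEAD.match(rec).groups()
        yield datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"), prog, int(pid), msg

def unscanned_candidates(text):
    """Queue IDs with an 'Unscanned: Delivered' event between queued and Sent."""
    queued, sent, unscanned = {}, {}, []
    for when, prog, pid, msg in records(text):
        m = QID.match(msg)
        if prog == "sendmail" and m:
            qid, rest = m.groups()
            if "stat=queued" in rest:
                queued[qid] = (when, pid)
            elif "stat=Sent" in rest:
                sent[qid] = (when, pid)
        elif prog == "MailScanner" and msg.startswith("Unscanned: Delivered"):
            unscanned.append(when)
    return {qid: {"queued_pid": pid, "sent_pid": sent[qid][1]}
            for qid, (t, pid) in queued.items()
            if qid in sent and any(t <= u <= sent[qid][0] for u in unscanned)}
```

On a busy gateway several messages can share a window, so treat each hit as a candidate to check against the rulesets rather than proof that the message bypassed scanning.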



