spam mail not being tagged as spam

Julian Field mailscanner at ecs.soton.ac.uk
Sat Mar 29 11:50:54 GMT 2003 

MailScanner applies the same results to all recipients of a message, it
doesn't start duplicating messages. So if one recipient has whitelisted the
message, the whitelisted message will be delivered to all the recipients.

Spam addressed to multiple recipients is pretty rare these days, so I don't
consider it to be a major problem.

At 10:13 29/03/2003, you wrote:
>  I'm sorry if I caused you any headaches, but I just realized that one of
> the 4 recipients of this message is using IMAPAssassin and requested that
> all his mail be whitelisted. So I'm assuming MailScanner is whitelisting
> this message for all recipients, is this correct?  If so is there a work
> around for this?  I'm using 'To:  recipients_name' in the whitelist file.
>
>Lou.
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: Friday, March 28, 2003 2:49 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: spam mail not being tagged as spam
>
>
>At 19:36 28/03/2003, you wrote:
> >Julian,
> >
> >  Can you please enlighten me.  Here is text from my maillog file.
>
>The from address in your log file matches with what you are whitelisting.
>Strange.
>Anyone experiencing similar problems? Have I broken the code?
>
>
> >Lou.
> >
> >Mar 28 13:29:17 crl-mail sendmail[5103]: h2SISo18005103:
> >from=<dommknotsvnub at yahoo.com>, size=3135, class=0, nrcpts=5, msgid=<000810
> >a1ac07$aec62805$20222223 at saxpqrv.quk>, proto=SMTP, daemon=MTA,
> >relay=dsl-200-67-152-155.prodigy.net.mx [200.67.152.155]
> >Mar 28 13:29:18 crl-mail MailScanner[32600]: New Batch: Scanning 1
> >messages, 3804 bytes
> >Mar 28 13:29:18 crl-mail MailScanner[32600]: Spam Checks: Starting
> >Mar 28 13:29:19 crl-mail sendmail[5133]: h2SIT818005124:
> >to=<kcarey at alum.mit.edu>, delay=00:00:11, xdelay=00:00:06, mailer=esmtp, pr
> >i=121423, relay=alum.mit.edu. [18.7.21.81], dsn=2.0.0, stat=Sent
> >(h2SITIpL002127 Message accepted for delivery)
> >Mar 28 13:29:19 crl-mail MailScanner[32600]: Virus and Content Scanning:
> >Starting
> >Mar 28 13:29:19 crl-mail MailScanner[32600]: Uninfected: Delivered 1
> messages
> >Mar 28 13:29:19 crl-mail sendmail[5141]: h2SISo18005103: h2SITJK3005141:
> >clone: owner=owner-gbtc at quabbin.crl.dec.com
> >Mar 28 13:29:20 crl-mail sendmail[5141]: h2SISo18005103:
> >to=Simon.Kasif at compaq.com,jamey.hicks at compaq.com ,CRLProblems at compaq.com, d
> >elay=00:00:23, xdelay=00:00:01, mailer=esmtp, pri=240507,
> >relay=tayexg12.americas.cpqcorp.net. [16.103.130.103], dsn=2.0.0, stat=Sen
> >t ( <000810a1ac07$aec62805$20222223 at saxpqrv.quk> Queued mail for delivery)
> >Mar 28 13:29:25 crl-mail sendmail[5141]: h2SISo18005103:
> >to=herlihy at quabbin.crl.dec.com, delay=00:00:28, xdelay=00:00:05, mailer=esm
> >tp, pri=240507, relay=quabbin.crl.dec.com. [16.11.0.45], dsn=2.0.0,
> >stat=Sent (h2SITPf500106 Message accepted for delivery)
> >
> >
> >-----Original Message-----
> >From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
> >Sent: Friday, March 28, 2003 2:25 PM
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: Re: spam mail not being tagged as spam
> >
> >
> >Remember that MailScanner uses the envelope addresses in your maillog, and
> >not whatever happens to be in the headers.
> >
> >At 19:20 28/03/2003, you wrote:
> > >Julian,
> > >
> > >  I felt that was the case but I checked
> > > /etc/MailScanner/rules/spam.whitelist.rules first and it does not have
> > > anything with yahoo.com, 'dommknotsvnub at yahoo.com', entered.  Could I be
> > > looking at the wrong whitelist file?
> > >
> > >  I just received the following spam with the same whitelist message and
> > > again I have nothing pointing to hotmail.com
> > >
> > >Lou.
> > >
> > >
> > >email header info:
> > >=========================================================================
> > ==========
> > >MIME-Version: 1.0
> > >Content-Type: multipart/alternative;
> > >         boundary="3E..8F1_.B19_.0CCA"
> > >X-MailScanner: Found to be clean
> > >X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=13.2,
> > >         required 5, DATE_IN_FUTURE_03_06, FORGED_HOTMAIL_RCVD,
> > >         HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED,
> HTML_FONT_COLOR_UNSAFE,
> > >         HTML_FONT_COLOR_YELLOW, MAY_BE_FORGED, MIME_HTML_NO_CHARSET,
> > >         MIME_LONG_LINE_QP, MISSING_MIMEOLE, RCVD_IN_DSBL,
> > >         RCVD_IN_OSIRUSOFT_COM, SPAM_PHRASE_03_05, USER_AGENT_OE,
> > >         X_OSIRU_SPAM_SRC)
> > >Return-Path: SelanoX16R at hotmail.com
> > >X-OriginalArrivalTime: 28 Mar 2003 18:51:00.0349 (UTC)
> > >FILETIME=[F99D42D0:01C2F55A]
> > >
> > >--3E..8F1_.B19_.0CCA
> > >Content-Type: text/html
> > >Content-Transfer-Encoding: quoted-printable
> > >
> > >
> > >--3E..8F1_.B19_.0CCA--
> > >
> > >-----Original Message-----
> > >From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
> > >Sent: Friday, March 28, 2003 2:11 PM
> > >To: MAILSCANNER at JISCMAIL.AC.UK
> > >Subject: Re: spam mail not being tagged as spam
> > >
> > >
> > >Exactly as it says, it is in your MailScanner spam whitelist.
> > >
> > >At 19:00 28/03/2003, you wrote:
> > > >Hello,
> > > >
> > > >  After enabling the 'SpamAssassin Report' I now have the following
> > > > information. Can someone explain how SpamAssassin scores a 20 but
> > > > MailScanner states 'not spam'??
> > > >
> > > >Lou.
> > > >
> > > >mail header info:
> > > >=====================================================================
> ====
> > > ===============
> > > >Subject: {^} Teen Celebs - Totally Scandalous!
> > > >{^}                                5523-4
> > > >Date: Fri, 28 Mar 2003 09:33:38 +0900
> > > >MIME-Version: 1.0
> > > >Content-Type: multipart/mixed;
> > > >         boundary="----=_NextPart_000_00E5_68C85A6A.D2272A27"
> > > >X-Priority: 3
> > > >X-Mailer: AOL 7.0 for Windows US sub 118
> > > >Importance: Normal
> > > >X-MailScanner: Found to be clean
> > > >X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=20,
> > > >         required 5, BASE64_ENC_TEXT, BIG_FONT, FORGED_YAHOO_RCVD,
> > > HTML_50_70,
> > > >         HTML_WITH_BGCOLOR, MIME_MISSING_BOUNDARY, NASTY_GIRLS,
> > > NO_REAL_NAME,
> > > >         PORN_4, RCVD_FAKE_HELO_DOTCOM, RCVD_IN_DSBL, SPAM_PHRASE_00_01,
> > > >         SUBJ_HAS_SPACES, SUBJ_HAS_UNIQ_ID, TRACKER_ID, USER_AGENT_AOL)
> > > >Return-Path: dommknotsvnub at yahoo.com
> > > >X-OriginalArrivalTime: 28 Mar 2003 18:29:20.0112 (UTC)
> > > >FILETIME=[F29CD700:01C2F557]
> > > >
> > > >------=_NextPart_000_00E5_68C85A6A.D2272A27
> > > >Content-Type: text/html;
> > > >         charset="iso-8859-1"
> > > >Content-Transfer-Encoding: base6
> > >
> > >--
> > >Julian Field
> > >www.MailScanner.info
> > >Professional Support Services at www.MailScanner.biz
> > >MailScanner thanks transtec Computers for their support
> >
> >--
> >Julian Field
> >www.MailScanner.info
> >Professional Support Services at www.MailScanner.biz
> >MailScanner thanks transtec Computers for their support
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list