Spam mail undetected.

Michele Neylon :: Blacknight Solutions michele at BLACKNIGHTSOLUTIONS.COM
Tue Nov 18 10:23:12 GMT 2003 

Are you using any RBLs?

Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknightsolutions.ie/
http://www.search.ie/
Tel. + 353 (0)59 9139897
Lowest price domains in Ireland

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Plant, Dean
> Sent: 18 November 2003 10:19
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Spam mail undetected.
>
>
> Hello list
>
> Currently using:
>
> MailScanner 4.21-9
> Redhat 8.0
> Sendmail
> F-prot
> ClamAV
> Dcc 1.214
> Razor 2.36
> SpamAssassin 2.6
>
> I have a user that is receiving a porn spam mail on a daily
> occurrence that
> is not being picked up by MailScanner/Spamassassin.
>
> The mail seems to consist only of an HTML image and comes from a different
> IP address every time. I have fed the missed mails into the Spamassassin
> database using sa-learn but the mails still pass through.
>
> Are there any changes I can make to help stop this type of mail? (3 Sample
> Headers Below).
>
> Thanks in advance
>
> Dean Plant
>
> Sample Header 1
>
> Received: from mail.ielectoral.com (ip-206-169-149-87.relia-network.net
> [206.169.149.87] (may be forged))
>         by rsys001x.roke.co.uk (8.12.8/8.12.8) with ESMTP id
> hAI1vPoE013167
>         for <xxxxx.xxxxx at roke.co.uk>; Tue, 18 Nov 2003 01:57:26 GMT
> Message-Id: <200311180157.hAI1vPoE013167 at rsys001x.roke.co.uk>
> Received: by mail.ielectoral.com; Mon, 17 Nov 2003 18:51:33 -0700
> (envelope-from <xxxxx.xxxxx at igigantic.com>)
> X-Mailer: PowerMail v7018439
> Content-Type: multipart/alternative; boundary="----=_Lksi8rwBA_ojetw3g_E"
> Subject: Hey dude
> MIME-Version: 1.0
> From: "Brian" <xxxxx.xxxxx at igigantic.com>
> To: xxxxx.xxxxx at roke.co.uk
> Date: Mon, 17 Nov 2003 18:51:33 -0700
> X-MailScanner-rsys001x: Found to be clean
> X-MailScanner-rsys001x-SpamCheck: not spam, SpamAssassin (score=2.134,
>         required 5, BAYES_44 -0.00, HTML_70_80 0.10, HTML_IMAGE_ONLY_02
> 1.23,
>         HTML_MESSAGE 0.10, MSGID_FROM_MTA_HEADER 0.70)
> X-MailScanner-rsys001x-SpamScore: ss
>
> Sample Header 2
>
> Received: from mail.inumberone.com (el-2-mx-111.relia-network.net
> [216.190.157.111])
>         by rsys001x.roke.co.uk (8.12.8/8.12.8) with ESMTP id
> hAGMw0oF029554
>         for <xxxxx.xxxxx at roke.co.uk>; Sun, 16 Nov 2003 22:58:00 GMT
> Message-Id: <200311162258.hAGMw0oF029554 at rsys001x.roke.co.uk>
> Received: by mail.inumberone.com; Sun, 16 Nov 2003 15:57:43 -0700
> (envelope-from <xxxxx.xxxxx at ienough.com>)
> X-Mailer: PowerMail v7018439
> Content-Type: multipart/alternative; boundary="----=_Jnhd6HDt5_osk6GE4_B"
> Subject: To be continued
> MIME-Version: 1.0
> From: "John" <xxxxx.xxxxx at ienough.com>
> To: xxxxx.xxxxx at roke.co.uk
> Date: Sun, 16 Nov 2003 15:57:43 -0700
> X-MailScanner-rsys001x: Found to be clean
> X-MailScanner-rsys001x-SpamCheck: not spam, SpamAssassin (score=1.905,
>         required 5, BAYES_44 -0.00, HTML_50_60 0.10, HTML_IMAGE_ONLY_04
> 1.00,
>         HTML_MESSAGE 0.10, MSGID_FROM_MTA_HEADER 0.70)
> X-MailScanner-rsys001x-SpamScore: s
>
> Sample Header 3
>
> Received: from mail.icommital.com (xo-3-mx-4.relia-network.net
> [67.108.2.4])
>         by rsys001x.roke.co.uk (8.12.8/8.12.8) with ESMTP id
> hAG3MPoE007214
>         for <xxxxx.xxxxx at roke.co.uk>; Sun, 16 Nov 2003 03:22:26 GMT
> Message-Id: <200311160322.hAG3MPoE007214 at rsys001x.roke.co.uk>
> Received: by mail.icommital.com; Sat, 15 Nov 2003 20:22:20 -0700
> (envelope-from <xxxxx.xxxxx at transpondent.com>)
> X-Mailer: PowerMail v7018439
> Content-Type: multipart/alternative; boundary="----=_Y7urNjsLp_9is4Rntj_E"
> Subject: Hey
> MIME-Version: 1.0
> From: "Jim" <xxxxx.xxxxx at transpondent.com>
> To: xxxxx.xxxxx at roke.co.uk
> Date: Sat, 15 Nov 2003 20:22:20 -0700
> X-MailScanner-rsys001x: Found to be clean
> X-MailScanner-rsys001x-SpamCheck: not spam, SpamAssassin (score=4.814,
>         required 5, BAYES_50 0.00, DCC_CHECK 2.91, HTML_50_60 0.10,
>         HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10,
>         MSGID_FROM_MTA_HEADER 0.70)
> X-MailScanner-rsys001x-SpamScore: ssss
>
>
> --
> Registered Office: Roke Manor Research Ltd, Siemens House,
> Oldbury, Bracknell,
> Berkshire. RG12 8FZ
>
> The information contained in this e-mail and any attachments is
> confidential to
> Roke Manor Research Ltd and must not be passed to any third party without
> permission. This communication is for information only and shall
> not create or
> change any contractual relationship.
>
>


#########################################################
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance to it is prohibited.

More information about the MailScanner mailing list