Spam mail undetected.
Michele Neylon :: Blacknight Solutions
michele at BLACKNIGHTSOLUTIONS.COM
Tue Nov 18 10:43:08 GMT 2003
In your MailScanner.conf which RBLs have you set?
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknightsolutions.ie/
http://www.search.ie/
Tel. + 353 (0)59 9139897
Lowest price domains in Ireland
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Plant, Dean
> Sent: 18 November 2003 10:35
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Spam mail undetected.
>
>
> Only the standard RBLs that MailScanner/SpamAssassin use. Our
> current setup seems to work great, identifying about 4k spam
> messages out of 12.5K messages a day. This message seems to be a
> one-off, quite offensive porn mail that gets through the system.
>
> Dean.
>
> -----Original Message-----
> From: Michele Neylon :: Blacknight Solutions
> [mailto:michele at BLACKNIGHTSOLUTIONS.COM]
> Sent: 18 November 2003 10:23
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Spam mail undetected.
>
> Are you using any RBLs?
>
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > Behalf Of Plant, Dean
> > Sent: 18 November 2003 10:19
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Spam mail undetected.
> >
> >
> > Hello list
> >
> > Currently using:
> >
> > MailScanner 4.21-9
> > Redhat 8.0
> > Sendmail
> > F-prot
> > ClamAV
> > Dcc 1.214
> > Razor 2.36
> > SpamAssassin 2.6
> >
> > I have a user that is receiving a porn spam mail on a daily
> > occurrence that is not being picked up by MailScanner/SpamAssassin.
> >
> > The mail seems to consist only of an HTML image and comes from a
> > different IP address every time. I have fed the missed mails into the
> > SpamAssassin database using sa-learn but the mails still pass through.
> >
> > Are there any changes I can make to help stop this type of mail?
> > (3 Sample Headers Below).
> >
> > Thanks in advance
> >
> > Dean Plant
> >
> > Sample Header 1
> >
> > Received: from mail.ielectoral.com (ip-206-169-149-87.relia-network.net
> >     [206.169.149.87] (may be forged))
> >     by rsys001x.roke.co.uk (8.12.8/8.12.8) with ESMTP id hAI1vPoE013167
> >     for <xxxxx.xxxxx at roke.co.uk>; Tue, 18 Nov 2003 01:57:26 GMT
> > Message-Id: <200311180157.hAI1vPoE013167 at rsys001x.roke.co.uk>
> > Received: by mail.ielectoral.com; Mon, 17 Nov 2003 18:51:33 -0700
> >     (envelope-from <xxxxx.xxxxx at igigantic.com>)
> > X-Mailer: PowerMail v7018439
> > Content-Type: multipart/alternative;
> >     boundary="----=_Lksi8rwBA_ojetw3g_E"
> > Subject: Hey dude
> > MIME-Version: 1.0
> > From: "Brian" <xxxxx.xxxxx at igigantic.com>
> > To: xxxxx.xxxxx at roke.co.uk
> > Date: Mon, 17 Nov 2003 18:51:33 -0700
> > X-MailScanner-rsys001x: Found to be clean
> > X-MailScanner-rsys001x-SpamCheck: not spam, SpamAssassin (score=2.134,
> >     required 5, BAYES_44 -0.00, HTML_70_80 0.10, HTML_IMAGE_ONLY_02 1.23,
> >     HTML_MESSAGE 0.10, MSGID_FROM_MTA_HEADER 0.70)
> > X-MailScanner-rsys001x-SpamScore: ss
> >
> > Sample Header 2
> >
> > Received: from mail.inumberone.com (el-2-mx-111.relia-network.net
> >     [216.190.157.111])
> >     by rsys001x.roke.co.uk (8.12.8/8.12.8) with ESMTP id hAGMw0oF029554
> >     for <xxxxx.xxxxx at roke.co.uk>; Sun, 16 Nov 2003 22:58:00 GMT
> > Message-Id: <200311162258.hAGMw0oF029554 at rsys001x.roke.co.uk>
> > Received: by mail.inumberone.com; Sun, 16 Nov 2003 15:57:43 -0700
> >     (envelope-from <xxxxx.xxxxx at ienough.com>)
> > X-Mailer: PowerMail v7018439
> > Content-Type: multipart/alternative;
> >     boundary="----=_Jnhd6HDt5_osk6GE4_B"
> > Subject: To be continued
> > MIME-Version: 1.0
> > From: "John" <xxxxx.xxxxx at ienough.com>
> > To: xxxxx.xxxxx at roke.co.uk
> > Date: Sun, 16 Nov 2003 15:57:43 -0700
> > X-MailScanner-rsys001x: Found to be clean
> > X-MailScanner-rsys001x-SpamCheck: not spam, SpamAssassin (score=1.905,
> >     required 5, BAYES_44 -0.00, HTML_50_60 0.10, HTML_IMAGE_ONLY_04 1.00,
> >     HTML_MESSAGE 0.10, MSGID_FROM_MTA_HEADER 0.70)
> > X-MailScanner-rsys001x-SpamScore: s
> >
> > Sample Header 3
> >
> > Received: from mail.icommital.com (xo-3-mx-4.relia-network.net
> >     [67.108.2.4])
> >     by rsys001x.roke.co.uk (8.12.8/8.12.8) with ESMTP id hAG3MPoE007214
> >     for <xxxxx.xxxxx at roke.co.uk>; Sun, 16 Nov 2003 03:22:26 GMT
> > Message-Id: <200311160322.hAG3MPoE007214 at rsys001x.roke.co.uk>
> > Received: by mail.icommital.com; Sat, 15 Nov 2003 20:22:20 -0700
> >     (envelope-from <xxxxx.xxxxx at transpondent.com>)
> > X-Mailer: PowerMail v7018439
> > Content-Type: multipart/alternative;
> >     boundary="----=_Y7urNjsLp_9is4Rntj_E"
> > Subject: Hey
> > MIME-Version: 1.0
> > From: "Jim" <xxxxx.xxxxx at transpondent.com>
> > To: xxxxx.xxxxx at roke.co.uk
> > Date: Sat, 15 Nov 2003 20:22:20 -0700
> > X-MailScanner-rsys001x: Found to be clean
> > X-MailScanner-rsys001x-SpamCheck: not spam, SpamAssassin (score=4.814,
> >     required 5, BAYES_50 0.00, DCC_CHECK 2.91, HTML_50_60 0.10,
> >     HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10,
> >     MSGID_FROM_MTA_HEADER 0.70)
> > X-MailScanner-rsys001x-SpamScore: ssss
> >
> >
> > --
> > Registered Office: Roke Manor Research Ltd, Siemens House,
> > Oldbury, Bracknell, Berkshire. RG12 8FZ
> >
> > The information contained in this e-mail and any attachments is
> > confidential to Roke Manor Research Ltd and must not be passed to any
> > third party without permission. This communication is for information
> > only and shall not create or change any contractual relationship.
> >
> >
>
>
> #########################################################
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material. If you have received this in error, please contact the
> sender and delete this message immediately. Disclosure, copying
> or other action taken in respect of this email or in
> reliance to it is prohibited.
>
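Added example, not part of the thread: a short Python script that parses the three sample headers posted above, reports how far each SpamAssassin score fell below the required 5, and lists the header values that are identical in every sample. The header excerpts are copied from the post and re-folded so they parse; the function names are this example's own.

```python
import re
from email import message_from_string

# Excerpts of the three sample headers in the post, re-folded so they parse.
RAW = [
    "Received: from mail.ielectoral.com (ip-206-169-149-87.relia-network.net\n [206.169.149.87])\n"
    "X-Mailer: PowerMail v7018439\n"
    "X-MailScanner-rsys001x-SpamCheck: not spam, SpamAssassin (score=2.134,\n"
    " required 5, BAYES_44 -0.00, HTML_70_80 0.10, HTML_IMAGE_ONLY_02 1.23,\n"
    " HTML_MESSAGE 0.10, MSGID_FROM_MTA_HEADER 0.70)\n",
    "Received: from mail.inumberone.com (el-2-mx-111.relia-network.net\n [216.190.157.111])\n"
    "X-Mailer: PowerMail v7018439\n"
    "X-MailScanner-rsys001x-SpamCheck: not spam, SpamAssassin (score=1.905,\n"
    " required 5, BAYES_44 -0.00, HTML_50_60 0.10, HTML_IMAGE_ONLY_04 1.00,\n"
    " HTML_MESSAGE 0.10, MSGID_FROM_MTA_HEADER 0.70)\n",
    "Received: from mail.icommital.com (xo-3-mx-4.relia-network.net\n [67.108.2.4])\n"
    "X-Mailer: PowerMail v7018439\n"
    "X-MailScanner-rsys001x-SpamCheck: not spam, SpamAssassin (score=4.814,\n"
    " required 5, BAYES_50 0.00, DCC_CHECK 2.91, HTML_50_60 0.10,\n"
    " HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10, MSGID_FROM_MTA_HEADER 0.70)\n",
]
RULE = re.compile(r"([A-Z][A-Z0-9_]+) (-?\d+\.\d+)")  # e.g. "DCC_CHECK 2.91"

def parse(raw):
    """Return relay rDNS domain, X-Mailer, score, threshold and per-rule scores."""
    msg = message_from_string(raw)
    check = " ".join(msg["X-MailScanner-rsys001x-SpamCheck"].split())  # unfold
    rdns = re.search(r"\(([\w.-]+)", msg["Received"]).group(1)
    return {
        "relay_domain": ".".join(rdns.split(".")[-2:]),
        "x_mailer": msg["X-Mailer"],
        "score": float(re.search(r"score=([\d.]+)", check).group(1)),
        "required": float(re.search(r"required ([\d.]+)", check).group(1)),
        "rules": {name: float(val) for name, val in RULE.findall(check)},
    }

def constant_traits(reports):
    """Header values identical in every sample: candidates for a local rule."""
    keys = ("relay_domain", "x_mailer")
    return {k: reports[0][k] for k in keys if len({r[k] for r in reports}) == 1}

REPORTS = [parse(r) for r in RAW]

if __name__ == "__main__":
    for r in REPORTS:
        gap = r["required"] - r["score"]
        print(f"score {r['score']} of {r['required']}, short by {gap:.3f}: {r['rules']}")
    print("constant across samples:", constant_traits(REPORTS))
```

None of the rules listed in the three SpamCheck headers keys on the X-Mailer string or the relay's reverse-DNS domain, which are the two values that stay fixed while the sending IP and From domain change.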