Mail with spam and score 50 still delivered?

Remco Barendse mailscanner at BARENDSE.TO
Thu Oct 9 08:24:33 IST 2003 

Nobody else seeing this behaviour, we are still getting quite some spam
mails with extremely high scores that should not have made it past the
scoring rules, but still get delivered.

This mail did get tagged with {Spam} but somehow the high scoring spam
action is not triggered.

This is the header from another mail that got through:
X-MailScanner-SpamCheck: spam, SpamAssassin (score=27.2, required 6,
        CLICK_BELOW 0.00, CLICK_TO_REMOVE_1 1.10, DATE_SPAMWARE_Y2K 4.40,
        DNS_FROM_RFCI_DSN 1.39, EXCUSE_10 0.14, EXCUSE_14 0.15,
        EXCUSE_15 0.71, EXCUSE_3 0.10, FORGED_MUA_OUTLOOK 1.58,
        FORGED_OUTLOOK_HTML 1.10, FORGED_RCVD_NET_HELO 3.02, FREE_QUOTE
2.80,
        FROM_ENDS_IN_NUMS 0.87, FRONTPAGE 1.63, HTML_50_60 0.18,
        HTML_FONTCOLOR_BLUE 0.10, HTML_FONTCOLOR_RED 0.10,
        HTML_FONTCOLOR_UNSAFE 0.10, HTML_FONT_BIG 0.10,
        HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.10,
        MIME_HTML_ONLY_MULTI 1.10, MISSING_MIMEOLE 1.15, NO_REAL_NAME
0.28,
        OFFERS_ETC 0.20, SAVINGS 0.40, WE_HONOR_ALL 4.30)
X-MailScanner-SpamScore: sssssssssssssssssssssssssss


On Tue, 7 Oct 2003, Remco Barendse wrote:

> Today one of my users received two identical e-mails (with subject
> Mortgage rates just got better 3.55% Fixed).
>
> One e-mail was filtered out correctly although with a very weird message
> in the spam score at the bottom of the scored rules (spam (blacklisted)).
> Nothing in that e-mail would match my blacklisting rules!
>
> Anybody else seeing this behaviour? I have my max score set to 9 and the
> other e-mail got blocked (possibly only because it was marked blacklisted
> altho I don't know why) but this e-mail got through.
>
> This the header from the mail that made it through (Exchange header):
>
> From: "" <drflojosi at spray.se>
> Reply-To: "" <drflojosi at spray.se>
> To: <xxx at xxx>
> Subject: {Spam?} xxxxx,Mortgage rates just got better 3.55% Fixed
> Date: Tue, 07 Oct 03 02:55:35 GMT
> X-Mailer: Microsoft Outlook, Build 10.0.2616
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>       boundary=".BE9.DB781B6"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-MailScanner-Information: Please contact the ISP for more information
> X-MailScanner: Found to be clean
> X-MailScanner-SpamCheck: spam, SpamAssassin (score=50.249, required 6,
>       BAD_CREDIT 0.16, BANG_MORE 1.17, CLICK_BELOW_CAPS 0.57,
>       CONSOLIDATE_DEBT 4.30, DATE_IN_FUTURE_03_06 2.83,
>       DATE_SPAMWARE_Y2K 4.40, DCC_CHECK 1.81, EXCUSE_14 0.15,
>       FORGED_MUA_OUTLOOK 1.58, FORGED_OUTLOOK_HTML 1.10,
>       FORGED_RCVD_NET_HELO 3.02, FRONTPAGE 1.63, HTML_90_100 1.07,
>       HTML_FONTCOLOR_BLUE 0.10, HTML_FONTCOLOR_RED 0.10,
>       HTML_FONTCOLOR_UNSAFE 0.10, HTML_FONT_BIG 0.10,
>       HTML_LINK_CLICK_CAPS 0.50, HTML_LINK_CLICK_HERE 0.10,
>       HTML_MESSAGE 0.00, HTML_TAG_BALANCE_HTML 0.41, LOW_PAYMENT 1.26,
>       MAILTO_TO_SPAM_ADDR 1.05, MIME_HTML_ONLY 0.10,
>       MIME_HTML_ONLY_MULTI 1.10, MISSING_MIMEOLE 1.15, MORTGAGE_PITCH
> 1.54,
>       MORTGAGE_RATES 1.10, NO_REAL_NAME 0.28, RCVD_IN_BL_SPAMCOP_NET
> 2.25,
>       RCVD_IN_DSBL 1.10, RCVD_IN_NJABL 0.10, RCVD_IN_NJABL_PROXY 1.10,
>       RCVD_IN_OPM 4.30, RCVD_IN_OPM_HTTP 4.30, RCVD_IN_OPM_HTTP_POST
> 4.30)
> X-MailScanner-SpamScore:
> ssssssssssssssssssssssssssssssssssssssssssssssssss
> Return-Path: drflojosi at spray.se
> X-OriginalArrivalTime: 06 Oct 2003 21:02:51.0727 (UTC)
> FILETIME=[3479BDF0:01C38C4D]
>
>
>

More information about the MailScanner mailing list