spam.actions.rules

Pentland G. g.pentland at soton.ac.uk
Mon Feb 23 14:50:47 GMT 2004 

All,

Just doing some testing with a few friendly guinea pig users and noticed
something not quite as I would expect.

In Mailscanner.conf

Spam Actions = /opt/local/mailscanner/etc/rules/spam.actions.rules

In spam.actions.rules

To:     gp397 at soton.ac.uk       delete
To:     g.pentland at soton.ac.uk  delete
To:     jw at soton.ac.uk          delete
To:     J.Watts at soton.ac.uk     delete
To:     eks at soton.ac.uk         delete
To:     E.K.Struzyna at soton.ac.uk        delete
To:     lb3 at soton.ac.uk         delete
To:     L.Williams at soton.ac.uk  delete
FromorTo:       default deliver

BUT...

Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
from=<acutebabe192kkoy at aol.com>, size=3898, class=0, nrcpts=5,
msgid=<000611d7be47$dab24652$21337435 at efvfxrq.qdi>, proto=SMTP,
daemon=MTA, relay=adsl-065-082-235-059.sip.btr.bellsouth.net
[65.82.235.59]
Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
to=<j.w.wan at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
stat=queued
Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
to=<j.watts at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
stat=queued
Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
to=<j.rafferty at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
stat=queued
Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
to=<j.s.thomas at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
stat=queued
Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
to=<j.e.cochrane at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
stat=queued
Feb 23 14:01:01 mta2.sucs.soton.ac.uk MailScanner[22254]: Message
i1NE0s7s010428 from 65.82.235.59 (acutebabe192kkoy at aol.com) to
soton.ac.uk is spam, SpamAssassin (score=46.611, required 5, BIZ_TLD
0.78, CLICK_BELOW_CAPS 0.57, COMPLETELY_FREE 0.74, DATE_IN_FUTURE_03_06
2.83, EXCUSE_14 0.15, EXCUSE_16 0.17, FAKE_HELO_AOL 1.88,
FORGED_MUA_EUDORA 1.91, HTML_60_70 0.10, HTML_FONTCOLOR_RED 0.10,
HTML_FONT_BIG 0.10, HTML_IMAGE_ONLY_08 0.84, HTML_IMAGE_RATIO_06 0.32,
HTML_LINK_CLICK_CAPS 0.50, HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.00,
HTML_TAG_EXISTS_TBODY 0.10, MAILTO_TO_REMOVE 0.04, MAILTO_TO_SPAM_ADDR
1.05, MIME_HTML_ONLY 0.10, MSGID_OUTLOOK_INVALID 4.30,
MSGID_SPAM_99X9XX99 4.30, NO_REAL_NAME 0.28, RATWARE_HASH_DASH 4.30,
RCVD_FAKE_HELO_DOTCOM 1.35, RCVD_IN_BL_SPAMCOP_NET 2.25, RCVD_IN_DSBL
1.10, RCVD_IN_NJABL 0.10, RCVD_IN_NJABL_PROXY 1.10, RCVD_IN_OPM 4.30,
RCVD_IN_OPM_SOCKS 4.30, RCVD_IN_SORBS 0.10, RCVD_IN_SORBS_HTTP 1.10,
RCVD_IN_SORBS_SOCKS 1.10, REMOVE_SUBJ 0.05, SUBJ_HAS_SPACES 0.97,
SUBJ_HAS_UNIQ_ID 0.21, SUSPICIOUS_RECIPS 3.00) 
Feb 23 14:01:01 mta2.sucs.soton.ac.uk MailScanner[22254]: Spam Actions:
message i1NE0s7s010428 actions are deliver

and j.watts at soton.ac.uk received this despite the rule set above, is it
as simple as being case sensitive (I hope not).

Any ideas/advice would be most useful.

Gary

More information about the MailScanner mailing list