Fwd: WINNING NOTIFICATION /FINAL NOTICE

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Tue Jun 22 08:58:37 IST 2004


Craig

make sure you have your custom rules in /etc/mail/spamassassin AND the
files are readable by the MailScanner user.
How are you calling SA from MailScanner? Why both SA and MS headers in
there??

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Craig Daters wrote:
> Can anyone tell me why MailScanner found this message to be clean
> when SpamAssassin obviously did not? Where in my MailScanner config
> can I change this? MailScanner gave this message a score of 6.8
> according to MailWatch, and SpamAssassin gave it 20.5
>
> Offending message follows:
>
>> Return-Path: <newwaveslotto73 at bigpond.com>
>> Received: from mta06ps.bigpond.com (mta06ps.bigpond.com [144.135.25.160])
>>       by elrond.westpress.com (8.12.8/8.12.8) with ESMTP id
>> i5LJmbA6020608
>>       for <craig at westpress.com>; Mon, 21 Jun 2004 12:48:38 -0700
>> Received: from lerc-daemon.mta06ps.email.bigpond.com by
>>  mta06ps.email.bigpond.com
>>  (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
>>  id <0HZO00IE58YII3 at mta06ps.email.bigpond.com> for
>> craig at westpress.com; Tue,
>>  22 Jun 2004 04:35:16 +1000 (EST)
>> Received: from email.bigpond.com ([172.26.103.22]) by
>> mta06ps.email.bigpond.com
>>  (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
>>  with ESMTP id <0HZO006ES8YBSV at mta06ps.email.bigpond.com>; Tue,
>>  22 Jun 2004 04:34:59 +1000 (EST)
>> Received: from [192.168.115.149] (Forwarded-For: 62.177.137.205)
>>  by mailms13ps.email.bigpond.com (mshttpd); Mon, 21 Jun 2004 20:34:59
>> +0200
>> Date: Mon, 21 Jun 2004 20:34:59 +0200
>> From: newwaveslotto73 <newwaveslotto73 at telstra.com>
>> Subject: WINNING NOTIFICATION /FINAL NOTICE
>> Message-id: <279b8932797417.2797417279b893 at email.bigpond.com>
>> MIME-version: 1.0
>> X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.26 (built Mar 31 2004)
>> Content-type: text/plain; charset=us-ascii
>> Content-language: en
>> Content-transfer-encoding: 7BIT
>> Content-disposition: inline
>> X-Accept-Language: en
>> Priority: normal
>> X-WestPress-MailScanner: Found to be clean
>> X-WestPress-MailScanner-SpamScore: ssssss
>> X-Spam-DCC: :
>> X-Spam-Flag: YES
>> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
>> elrond.westpress.com
>> X-Spam-Level: ********************
>> X-Spam-Status: Yes, hits=20.5 required=7.5 tests=BIZ_TLD,BigEvilList_143,
>>       BigEvilList_RX,BigEvilList_infob,DOMAIN_4U2,FROM_ENDS_IN_NUMS,
>>       HOT_NASTY,J_CHICKENPOX_12,J_CHICKENPOX_16,J_CHICKENPOX_22,
>>       J_CHICKENPOX_42,J_CHICKENPOX_45,LINES_OF_YELLING,MAILTO_TO_REMOVE,
>>
>> MAILTO_TO_SPAM_ADDR,SARE_HTML_URI_ATWWW,SARE_TOCC_NONE,SUBJ_ALL_CAPS,
>>       TW_JJ,TW_JL,TW_MK,TW_MV,TW_SG,TW_TB,TW_VK,TW_VZ,USERPASS,USER_4U2
>>       autolearn=no version=2.63
>> X-Spam-Report:
>>       *  0.9 FROM_ENDS_IN_NUMS From: ends in numbers
>>       *  0.1 TW_TB BODY: Odd Letter Triples with TB
>>       *  0.6 J_CHICKENPOX_22 BODY: {2}Letter - punctuation - {2}Letter
>>       *  0.6 J_CHICKENPOX_16 BODY: {1}Letter - punctuation - {6}Letter
>>       *  0.1 TW_MK BODY: Odd Letter Triples with MK
>>       *  0.1 TW_VK BODY: Odd Letter Triples with VK
>>       *  0.6 J_CHICKENPOX_42 BODY: {4}Letter - punctuation - {2}Letter
>>       *  0.1 TW_MV BODY: Odd Letter Triples with MV
>>       *  0.6 DOMAIN_4U2 BODY: Domain name containing a "4u" variant
>>       *  0.1 TW_VZ BODY: Odd Letter Triples with VZ
>>       *  0.1 TW_JJ BODY: Odd Letter Triples with JJ
>>       *  1.7 USER_4U2 BODY: Local part containing a "4u" variant
>>       *  0.1 TW_JL BODY: Odd Letter Triples with JL
>>       *  0.1 TW_SG BODY: Odd Letter Triples with SG
>>       *  0.0 HOT_NASTY BODY: Possible porn - Hot, Nasty, Wild, Young
>>       *  0.6 J_CHICKENPOX_12 BODY: {1}Letter - punctuation - {2}Letter
>>       *  0.6 J_CHICKENPOX_45 BODY: {4}Letter - punctuation - {5}Letter
>>       *  0.0 LINES_OF_YELLING BODY: A WHOLE LINE OF YELLING DETECTED
>>       *  1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely
>> spammer email
>>       *  3.1 USERPASS URI: URL contains username and (optional) password
>>       *  0.7 SARE_HTML_URI_ATWWW URI: Funny WWW address.
>>       *  0.0 MAILTO_TO_REMOVE URI: Includes a 'remove' email address
>>       *  0.8 BIZ_TLD URI: Contains a URL in the BIZ top-level domain
>>       *  3.0 BigEvilList_infob URI: Generated BigEvilList_infob
>>       *  3.0 BigEvilList_143 URI: Generated BigEvilList_143
>>       *  0.7 BigEvilList_RX URI: Domain ending in RX or Drug found.
>>       *  0.6 SUBJ_ALL_CAPS Subject is all capitals
>>       *  0.8 SARE_TOCC_NONE No To header found in email
>> Status:
>>
>>
>> annecard_cuba at yahoo.com.br, lopesmendes6 at hotmail.com,
>> transcor at cvtelecom.cv, moreiratony at hotmail.com,
>> electromec at cvtelecom.cv, lopescabral at hotmail.com,
>> anthonobel at yahoo.com, arlindo_veiga at mail.com,
>> arlindo_veiga at hotmail.com, amtavares-1960 at netcabo.pt,
>> artemisamarques at yahoo.com.br, artursemedo337 at hotmail.com,
>> crasyt197 at hotmail.com, jubarga51 at hotmail.com,
>> kizisoares at hotmail.com, beneditamendes at hotmail.com,
>> bnova at cvtelecom.cv, miuca21 at yahoo.com, creolacarla at yahoo.com,
>> daveigacarla at hotmail.com, carlossanches290 at hotmail.com,
>> anjos at cvtelecom.cv, djime at hotmail.com, baysceline at hotmail.com,
>> tchilacbeicker883 at hotmail.com, celitaaa at hotmail.com,
>> plata at cvtelecom.cv, teticuba at hotmail.com,
>> rentcarclassic at cvtelecom.cv, senaclaudia at hotmail.com,
>> capeverdebrownsugar at hotmail.com, confortes20 at hotmail.com,
>> csline-praia-cv at cvtelecom.cv, davidvarandinha at sapo.pt,
>> dtavares at cvtelecom.cv, danilsonfreire2 at hotmail.com,
>> paradelawilson at hotmail.com, kaiocesar at uai.com.br,
>> carolina_mendes at msn.com, t, ascheinberg at masseyservices.com,
>> stuartf at datacom.co.nz, jthompso at mbvlab.wpafb.af.mil,
>> afreyman at dsw.net, wallace.nathan at microlinear.com,
>> 59cobalt at planetcobalt.net, tgnovo at ig.com.br, , rsantos at fcsh.unl.pt,
>> mtvaz at ualg.pt, mixbrasil at uol.com, sanmac at servidor.unam.mx,
>> repc at servidor.unam.mx, jlseefoo at hotmail.com, cciamali at uol.com.br,
>> fcruz at uol.com.br, helenahirata99 at aol.com, elsonsp at rc.unesp.br
>
>
> [ Rest of message clipped ]
>
> --
> --
>
> Craig Daters (craig at westpress dot com)
> Systems Administrator
> West Press Printing
> 1663 West Grant Road
> Tucson, Arizona 85745-1433
>
> Tel: 520-624-4939
> Fax: 520-624-2715
>
> www.westpress.com
>
> --
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list