High scored spam still slipped through

Remco Barendse mailscanner at BARENDSE.TO
Fri Mar 12 09:47:52 GMT 2004


Sorry for replying to my own mail but I'm VERY annoyed.

Every high scoring e-mail is blocked properly by MailScanner and forwarded
to the designated mail address but these bastards seem to have found a way
to punch through MailScanner. We are seeing lots of those annoying
messages slipping through regardless of how high their score is.

Is anybody else seeing this behaviour? I have this on 3 different servers.

I have a df/qf pair of the original mail available as received if it would
be of any help.

Thanks!
Remco


On Thu, 11 Mar 2004, Remco Barendse wrote:

> This morning I received a spam mail that slipped through.
>
> For low scoring spam I do striphtml deliver
> high scoring spam : delete forward postmarter
>
> The mail was tagged correctly with spam but the html was not stripped and
> the mail was not deleted. This is the header of the mail from the client
> (Outlook under Exchange).
>
> My spam high score limit is set to 8, this mail scores way above that and
> also there is no mentioning of any whitelisting.
>
> Ideas anyone?
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from x.x.x ([10.1.0.6]) by x.x.x with Microsoft SMTPSVC(5.0.2195.6713);
>        Wed, 10 Mar 2004 21:31:16 +0100
> Received: from maildrop10.xs4all.nl (maildrop10.xs4all.nl
> [194.109.127.140])
>       by x.x.x (8.12.8/8.12.8) with ESMTP id i2AKUlSM012175
>       for <x at x>; Wed, 10 Mar 2004 21:30:49 +0100
> Received: from mxzilla1.xs4all.nl (mxzilla1.xs4all.nl [194.109.24.201])
>       by maildrop10.xs4all.nl (8.12.9/8.12.6) with ESMTP id
> i2AKUlXg056775
>       for <x at x>; Wed, 10 Mar 2004 21:30:47 +0100 (CET)
> Received: from facemolality.com ([216.52.222.110])
>       by mxzilla1.xs4all.nl (8.12.10/8.12.10) with SMTP id
> i2AKUjum084354
>       for <x at x>; Wed, 10 Mar 2004 21:30:46 +0100 (CET)
> Message-Id: <200403102030.i2AKUjum084354 at mxzilla1.xs4all.nl>
> To: <x at x>
> From: Janet White <JanetWhite at facemolality.com>
> Reply-To: <JanetWhite at facemolality.com>
> Date: Wed, 10 Mar 2004 12:30:51 -0800
> X-Mailer: Microsoft Outlook Express 5.01.2764.4667
> MIME-version: 1.0
> Content-type: Text/HTML
> Subject: {Spam?} Record everything using stealth technology
> X-ecemgw-MailScanner-Information: Please contact the ISP for more
> information
> X-gw-MailScanner: Found to be clean
> X-gw-MailScanner-SpamCheck: spam, SpamAssassin (score=12.809, required
> 6,
>       BAYES_99 5.40, FORGED_MUA_OUTLOOK 2.57, FORGED_OUTLOOK_TAGS 1.00,
>       HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32,
>       RCVD_IN_NJABL 0.10, RCVD_IN_NJABL_SPAM 1.21, RCVD_IN_SBL 1.11)
> X-gw-MailScanner-SpamScore: ssssssssssss
> X-MailScanner-From: janetwhite at facemolality.com
> Return-Path: JanetWhite at facemolality.com
> X-OriginalArrivalTime: 10 Mar 2004 20:31:16.0293 (UTC)
> FILETIME=[A3267750:01C406DE]
>
>
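
Added example, not part of the original post or of MailScanner's own code: a Python check that parses the folded SpamCheck header quoted above and reports whether a message that reached a mailbox scored at or above the high-score limit of 8 stated in the post. The function names and the body line of the sample are assumptions made for illustration; the header values are the ones quoted in the post.

```python
import re
from email import message_from_string

HIGH_SCORE = 8.0  # high-score limit stated in the post

# Headers as quoted in the post (re-folded); the body line is constructed.
SAMPLE = """\
Subject: {Spam?} Record everything using stealth technology
X-gw-MailScanner: Found to be clean
X-gw-MailScanner-SpamCheck: spam, SpamAssassin (score=12.809, required 6,
      BAYES_99 5.40, FORGED_MUA_OUTLOOK 2.57, FORGED_OUTLOOK_TAGS 1.00,
      HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32,
      RCVD_IN_NJABL 0.10, RCVD_IN_NJABL_SPAM 1.21, RCVD_IN_SBL 1.11)
X-gw-MailScanner-SpamScore: ssssssssssss

<html>constructed body</html>
"""

# The text between "X-" and "MailScanner" is site-specific, so match any prefix.
NAME_RE = re.compile(r"^X-(?:.+-)?MailScanner-SpamCheck$", re.I)
SCORE_RE = re.compile(r"score=(-?\d+(?:\.\d+)?),\s*required\s+(-?\d+(?:\.\d+)?)")
RULE_RE = re.compile(r"([A-Z][A-Z0-9_]+)\s+(-?\d+(?:\.\d+)?)")


def spamcheck(raw):
    """Return score, required score and per-rule scores, or None if absent."""
    msg = message_from_string(raw)
    for name, value in msg.items():
        if not NAME_RE.match(name):
            continue
        value = re.sub(r"\s+", " ", str(value))  # unfold continuation lines
        m = SCORE_RE.search(value)
        if not m:
            return None
        rules = {r: float(s) for r, s in RULE_RE.findall(value[m.end():])}
        return {"score": float(m.group(1)),
                "required": float(m.group(2)),
                "rules": rules}
    return None


def slipped_through(raw, high_score=HIGH_SCORE):
    """True if a delivered message scored at or above the high-score limit.
    Assumption: the limit is inclusive (score >= limit)."""
    result = spamcheck(raw)
    return result is not None and result["score"] >= high_score


if __name__ == "__main__":
    print(spamcheck(SAMPLE), slipped_through(SAMPLE))
```

Run over the messages in a delivered-mail folder, this lists the ones that should have been caught by the high-scoring spam actions, which gives concrete queue IDs to look up in the mail log.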


