High scored spam still slipped through

Fri Mar 12 09:50:33 GMT 2004

At 09:47 12/03/2004, you wrote:
>Sorry for replying to may own mail but I'm VERY annoyed.
>
>Every high scoring e-mail is blocked properly by MailScanner and forwarded
>to the designated mail address but these bastards seem to have found a way
>to punch through MailScanner. We are seeing lots of those annoying
>messages slipping through regardless of how high their score is.
>
>Is anybody else seeing this behaviour? I have this on 3 different servers.
>
>I have a df/qf pair of the original mail available as received if it would
>be of any help.

Yes it would.

>Thanks!
>Remco
>
>
>On Thu, 11 Mar 2004, Remco Barendse wrote:
>
> > This morning I received a spam mail that slipped through.
> >
> > For low scoring spam I do striphtml deliver
> > high scoring spam : delete forward postmarter
> >
> > The mail was tagged correctly with spam but the html was not stripped and
> > the mail was not deleted. This is the header of the mail from the client
> > (Outlook under Exchange).
> >
> > My spam high score limit is set to 8, this mail scores way above that and
> > also there is no mentioning of any whitelisting.
> >
> > Ideas anyone?
> >
> > Microsoft Mail Internet Headers Version 2.0
> > Received: from x.x.x ([10.1.0.6]) by x.x.x with Microsoft
> SMTPSVC(5.0.2195.6713);
> >        Wed, 10 Mar 2004 21:31:16 +0100
> > Received: from maildrop10.xs4all.nl (maildrop10.xs4all.nl
> > [194.109.127.140])
> >       by x.x.x (8.12.8/8.12.8) with ESMTP id i2AKUlSM012175
> >       for <x at x>; Wed, 10 Mar 2004 21:30:49 +0100
> > Received: from mxzilla1.xs4all.nl (mxzilla1.xs4all.nl [194.109.24.201])
> >       by maildrop10.xs4all.nl (8.12.9/8.12.6) with ESMTP id
> > i2AKUlXg056775
> >       for <x at x>; Wed, 10 Mar 2004 21:30:47 +0100 (CET)
> > Received: from facemolality.com ([216.52.222.110])
> >       by mxzilla1.xs4all.nl (8.12.10/8.12.10) with SMTP id
> > i2AKUjum084354
> >       for <x at x>; Wed, 10 Mar 2004 21:30:46 +0100 (CET)
> > Message-Id: <200403102030.i2AKUjum084354 at mxzilla1.xs4all.nl>
> > To: <x at x>
> > From: Janet White <JanetWhite at facemolality.com>
> > Reply-To: <JanetWhite at facemolality.com>
> > Date: Wed, 10 Mar 2004 12:30:51 -0800
> > X-Mailer: Microsoft Outlook Express 5.01.2764.4667
> > MIME-version: 1.0
> > Content-type: Text/HTML
> > Subject: {Spam?} Record everything using stealth technology
> > X-ecemgw-MailScanner-Information: Please contact the ISP for more
> > information
> > X-gw-MailScanner: Found to be clean
> > X-gw-MailScanner-SpamCheck: spam, SpamAssassin (score=12.809, required
> > 6,
> >       BAYES_99 5.40, FORGED_MUA_OUTLOOK 2.57, FORGED_OUTLOOK_TAGS 1.00,
> >       HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32,
> >       RCVD_IN_NJABL 0.10, RCVD_IN_NJABL_SPAM 1.21, RCVD_IN_SBL 1.11)
> > X-gw-MailScanner-SpamScore: ssssssssssss
> > X-MailScanner-From: janetwhite at facemolality.com
> > Return-Path: JanetWhite at facemolality.com
> > X-OriginalArrivalTime: 10 Mar 2004 20:31:16.0293 (UTC)
> > FILETIME=[A3267750:01C406DE]
> >
> >

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654