Spam getting through MailScanner and SA

Gib Gilbertson Jr. gib at TMISNET.COM
Thu Mar 18 12:37:35 GMT 2004 

Hi.

The only extra rules for SA are a couple of subject line scans for some
spam that have their subject line in plain text. These reside in
/etc/mail/spamassassin/local.cf

I am running bayes. I do have a couple of spam traps setup and run that
mail through bayes with sa-learn nightly. Of course I just discovered that
the bayes rules files pointed to by spam.assassin.prefs.conf were not the
rules files being updated when I ran sa-learn nightly... All the updates
were being written to /root/.spamassassin and not /var/spool/spamassassin.
That is fixed now so maybe the messages will go away.

I'm also running rules-du-jour with daily updates.

The list is great for picking up bits and pieces of the operation of the
different software.

gib

At 09:19 AM 3/18/2004 +0000, you wrote:
>Gib
>
>are you running bayes?
>
>what extra rules ontop of the the default SA are you running?
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>
>Gib Gilbertson Jr. wrote:
>>Hi.
>>
>>Is there anyway to stop messages like this from getting through and not
>>being labeled as spam? I've seen a lot of these slipping through the last
>>couple of days.
>>
>>Thanks
>>
>>gib
>>
>>=======
>>
>>Received: from RJ217109044.user.veloxzone.com.br
>>(RJ217109044.user.veloxzone.com.br [200.217.109.44] (may be forged))
>>         by thumper.tmisnet.com (8.12.9p2/8.12.9) with SMTP id
>>i2I0GiNx039744
>>         for <gib at tmisnet.com>; Wed, 17 Mar 2004 16:16:46 -0800 (PST)
>>         (envelope-from xsewoyevnlsrod at excite.com)
>>Received: from gxpbrmdkr [207.32.46.222] ([207.32.46.222])
>>         by RJ217109044.user.veloxzone.com.br (8.5.8/excite.com) with SMTP
>>id 71B80A5B
>>         for <gib at tmisnet.com>; Wed, 17 Mar 2004 16:16:34 -0800
>>Message-ID: <8C42C$9$1f7847b3 at excite.com>
>>From: "Risreqv Coydhrvv" <xsewoyevnlsrod at excite.com>
>>To: "Sauraxny Danprbsc" <gib at tmisnet.com>
>>Subject:
>>=?utf-8?B?W1RSU1JdIFN0cm9uZ2VyIGVyZWN0aW9uIGZvciAkMC45NSwgb2duZXkgZ2lx?=
>>Date: Wed, 17 Mar 2004 16:16:34 -0800
>>MIME-Version: 1.0
>>Content-Type: multipart/related;
>>         boundary="b1f7847b3-excite.com"
>>X-tmisnet-MailScanner-Information: Please contact TMISNET for more
>>information
>>X-tmisnet-MailScanner: Found to be clean
>>X-tmisnet-MailScanner-SpamScore: ssss
>>Status: RO
>>
>>--b1f7847b3-excite.com
>>Content-Type: text/html;
>>         charset="iso-8859-1"
>>Content-Transfer-Encoding: quoted-printable
>>
>><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>><HTML><HEAD>
>><META http-equiv=3DContent-Type content=3D"text/html; =
>>charset=3Diso-8859-1">
>></HEAD>
>><BODY bgColor=3D#ffffff>
>><DIV><FONT size=3D1 color=3D#F1F5FC>
>>kaqg ujht wgh =
>>my jgbdx tvnb ksb =
>>qcst =
>></FONT><BR><FONT face=3DArial size=3D2><A=20
>>href=3D"http://g.msn.com/0AD0000I/580005.1?http://www1f7847b3.augmay.biz/PH009/?affiliate_id=3D233488&campaign_id=3D21010"><IMG
>>
>>=
>>alt=3D"" hspace=3D0=20
>>src=3D"cid:excite.com-1f7847b3" align=3Dbaseline=20
>>border=3D0></A></FONT><BR>
>><FONT color=3D#F6F8F2>
>>lelho =
>>sbla iyy sgbv fvsswd =
>>lytor oygt llfsa y =
>>tmydm xvsa rxvl =
>>qtod sj rlxrs rde =
>>xvew qrw tevpw =
>>viurt ml iqfr =
>></FONT></DIV></BODY></HTML>
>>
>>--b1f7847b3-excite.com
>>Content-Type: image/gif;
>>         name="jrqbkjf3.gif"
>>Content-Transfer-Encoding: base64
>>Content-ID: <excite.com-1f7847b3>
>>
>>R0lGODlhfAEvAJEAAP///wAAAMwAAAAAmSH5BAAAAAAALAAAAAB8AS8AAAL/
>>xA6ZN8usHIrqzWovfbT7D4aiIoDCeY5oSa3r2Lqky85phHp0TcP+DwTUcDJQ
>>4Kg4BpLIoNMAkTSglk00kuFIqx3t8wvs2Yq6HVEM293M56HwFiuqwfQ0ef5R
>>MpcJfd13dSXRxSWFdSEoSKU4osT398GWkPPmdjYJV/n0MnMZR4lpaTPa+eMI
>>GSIJx9nhB+DqigoSqEFF6GXbhTE1eIj72tT6KNuRw8KTCeoZShqkPLk8lpwZ
>>1wy9lzdMXH1MUu0BGxy7bcWryJixO5JYmx4xzkRenGKp/MzcjKZCXVZPphlp
>>1T1s4LTJ0yTqm7BH4QwetIWu3YQojG7t4pVLEDxg/46WiAvHsU+wT/6GDLQn
>>8F8qfvPcUAI1EF8lVgQpdEQy8hSwkDz7sVRo8yPDkQ8HRcSYcSKiQlkkTqmY
>>TaSfJlSr8iEqLWW0Mda47ku49aXWgCYlNbqqc+fOqVVN6Nv6TmjNokZr5VKX
>>1BzTLBbvnhUZN/DHeGQ5oUyoBvFPoGS/wVx8z2yItoH3DCVcOHLMng3plrPr
>>tymCo3hxiUZqBG1lwIMBrxRbFuyLmJvhtmwjZrPu2pWJ5gTp+jU1mgtrbnxY
>>yJcvvn7v0sJ42gfl4GsvU9cB8LAdHozd1ouW+BjkVbdhTKeetnUqgKHASjWO
>>tWhyvL16mV6qF7/y9wXRD//DaZ1aLXjzmHjIKIaMV/x9QgR40xjoXSntzdWb
>>Nr+pF58QBKbknmd0HMXBfUo1Rd8iJl60YFDXUYahQ3i0x0qBNL3YU0u59TCj
>>MXOYkVhcDqmFVVstZibjWwt25mGJW4xmFzu/nOPOfsedJ1WA6pEkyj9F+mTJ
>>cVllVYJmYe54I3E1VljQdFdiiZtKR8qVZJxyzjkgnavZiaeHHebJZ59+1pln
>>hn8O+sWehB6KaFGGPuRloo6a8Gikkk76hKCUXopppppuymmnnn4KaqiijlqU
>>pXia2t8mpDqBKqs/gpHWn636Gcus5ln4amquFmqjd/7cGmuStqa5Zh3Dxnns
>>qb//yeJbrsQke4d4ZWCi4GQBUrqsgJAk6yG3cwKIWaziOtTiYDpd6OO1dmhI
>>T1kxNCihtYJ5NJS5F+KqmmV/EXYenFVahlaz53o5MEf/daQiWwfbq+8X4Lom
>>DsTqxtOaVRRbdxW/zr6rYbzDuRuvrhezJXG+amYc8XUqRqUtixKHG+5lVPYx
>>ssaY8UcykAGzuHFUFeOKZjZW5ssa0akOuwa81Cr9BtMiF33nw/++fOfNwoi8
>>bLNBr3yv1VdnffDKAkpd3Wrc/lyl0a02VPDFKt/0drAzrQGy0tPcavPNZN+U
>>c8xym50z2GLrDLDafJOLsOBWD6l42mfDPfYp2co7c8v0/66Icc/FUHu3jZ2L
>>ALnl86abat7aXh104/5RTXjDT+99+eJDiz65w0AHGTvrgJ++OpVoOyFt5yx9
>>niLvorvtetUnU5htv7mv3nr0BoMuc9i1R4481F5jf7rWVOVdrPcM9Y4x90iH
>>2fTSAs3DsdfxaR29mvzGP3HzRAfO+vIlj4162eDDbz6TAY1mARyc/6aXPNxx
>>DTjae1PbfqCSHMGoTe5D3ELqVatx9C10GUJYcCRXL9L5LYOx+5vBYIcNAJar
>>fgys3KrIsSg6eIt6dJlhoDT3whx6JoawwiEQbIg3bG1Ph0QsIjmA+EITGnGJ
>>TGyiE58IxShKcYpUrKIVr4jFLLFqcYtc7KIVg6XABIZtcFZJDwchh0QvqpFT
>>oeOdUFpoQY158IQKe+Aa77hEhVUQZzxjme6iZrQh4nGQo8pJ1aRXvadJD5Aq
>>Mx4hHwkqQYWxg3MMChrPOEe+NRKSnGTjqyb5Iz1Q8pKZrKQmHdnJVF7KkHts
>>WcxKt0g5bi+NqqylnPQYNz7eL45/fOUmbQnMTLVRk2+8UhhLZkaCnJKWwWwm
>>ozQIt67pzSD2K6WP6IiWAgAAOw
>>
>>--b1f7847b3-excite.com--
>>
>>
>>
>>      Gib Gilbertson Jr.
>>     Tierramiga Info Systems
>>      619-287-8647 Support
>>      http://www.tmisnet.com
>>      San Diego's "Friendly ISP"
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.
>
>**********************************************************************


      Gib Gilbertson Jr.
     Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's "Friendly ISP"

More information about the MailScanner mailing list