Broken message id cause spam to be ignored?

Dan Tucny dan at TUCNY.COM
Tue Mar 30 21:30:12 IST 2004


On Mon, 1 Mar 2004 06:30:46 -0000, Iain McWilliams <iain at LMP.CO.UK> wrote:

>
>Running Mailscanner with Postfix and spamassassin, everything working
>well but some spam appears to be slipping through the net. The strange
>thing is they all have the same broken message id. Could the spammers
>have found a loophole?
>

I've been seeing this more and more recently... I managed to get a capture
of the inbound SMTP session for one of these...

======
220 rose.tlns.net ESMTP Postfix
HELO 217.206.220.190
250 rose.tlns.net
MAIL FROM: <boswsmax at asbe45e.com>
250 Ok
RCPT TO: <my.address at hidden.from.spambots>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Message-ID: <2[10
.
250 Ok: queued as 0857A28246
QUIT
221 Bye
======

Fair enough, munged up header and no content, but is it detected as spam?

======
Mar 30 19:16:38 rose MailScanner[31156]: Message 0857A28246 from
220.168.62.100 (boswsmax at asbe45e.com) to tucny.com is spam, SpamAssassin
(score=21.315, required 5, BAYES_99 5.40, FORGED_RCVD_NET_HELO 4.10,
INVALID_MSGID 2.50, NO_REAL_NAME 0.16, RCVD_IN_BL_SPAMCOP_NET 1.50,
RCVD_IN_DSBL 0.71, RCVD_IN_NJABL
0.10, RCVD_IN_NJABL_PROXY 0.50, RCVD_IN_OPM 1.00, RCVD_IN_OPM_HTTP_POST
1.00, RCVD_IN_OPM_SOCKS 1.26, RCVD_IN_SORBS 0.10, RCVD_IN_SORBS_HTTP 1.10,
RCVD_IN_SORBS_MISC 0.69, RCVD_IN_SORBS_SOCKS 1.20)
Mar 30 19:16:38 rose MailScanner[31156]: Spam Checks: Found 1 spam messages
======

Ohhh yeah... couldn't score much higher considering the lack of content!

Soo, should be OK now? MailScanner will mark it as spam?

======
Return-Path: <boswsmax at asbe45e.com>
X-Original-To: my.address at hidden.from.spambots
Delivered-To: my.address at hidden.from.spambots
Received: from 217.206.220.190 (unknown [220.168.62.100]) by rose.tlns.net

 (Postfix) with SMTP id 0857A28246 for <dan at tucny.com>; Tue, 30 Mar 2004
 19:16:35 +0100 (BST)
Message-ID: <2[10
Date: Tue, 30 Mar 2004 19:16:35 +0100 (BST)
From: boswsmax at asbe45e.com
To: undisclosed-recipients:;
Subject: No Subject
Mime-Version: 1.0

boswsmax at asbe45e.com
======

:( Nope, MailScanner's not managed to insert any headers after the dodgy
Message-ID and the 'mail' has got through and polluted my Inbox...

Running MailScanner 4.28.6...

Dan
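
A check for the symptom described in this post, as an added example that is not part of the original message or of MailScanner: it flags a message whose Message-ID does not match a simplified RFC 2822 msg-id form and reports when no scanner-added header is present. The function name, the `X-MailScanner` default prefix and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Simplified RFC 2822 msg-id: "<" id-left "@" id-right ">",
# with no whitespace, extra "@" or nested angle brackets.
MSGID_RE = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")

def audit_message(raw, scanner_prefix="X-MailScanner"):
    """Return a list of findings for one raw message.

    scanner_prefix is an assumption: set it to the header prefix
    your scanner is configured to add on delivery.
    """
    msg = message_from_string(raw)
    findings = []
    msgids = msg.get_all("Message-ID", [])
    if not msgids:
        findings.append("missing Message-ID")
    for value in msgids:
        if not MSGID_RE.match(value.strip()):
            findings.append("malformed Message-ID: %r" % value)
    prefix = scanner_prefix.lower()
    if not any(name.lower().startswith(prefix) for name in msg.keys()):
        findings.append("no %s* header, delivered unmarked" % scanner_prefix)
    return findings

# Constructed sample modelled on the delivered message quoted in the post.
SAMPLE_BAD = (
    "Return-Path: <boswsmax at asbe45e.com>\n"
    "Message-ID: <2[10\n"
    "Date: Tue, 30 Mar 2004 19:16:35 +0100 (BST)\n"
    "From: boswsmax at asbe45e.com\n"
    "Subject: No Subject\n"
    "\n"
    "boswsmax at asbe45e.com\n"
)

# Constructed sample of a message that passed through the scanner normally.
SAMPLE_GOOD = (
    "Message-ID: <20040330181635.0857A@mail.example.org>\n"
    "From: sender@example.org\n"
    "Subject: hello\n"
    "X-MailScanner: Found to be clean\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for finding in audit_message(SAMPLE_BAD):
        print(finding)
```
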


