Broken message id cause spam to be ignored?

Julian Field mailscanner at ecs.soton.ac.uk
Wed Mar 31 00:43:35 IST 2004


Please can you both try the attached patch to Postfix.pm

cd /usr/lib/MailScanner/MailScanner
cp Postfix.pm Postfix.pm.backup
patch < Postfix.pm.patch

then shutdown MailScanner and restart it.

Please urgently let me know whether it works.

At 21:30 30/03/2004, you wrote:
>On Mon, 1 Mar 2004 06:30:46 -0000, Iain McWilliams <iain at LMP.CO.UK> wrote:
>
> >
> >Running Mailscanner with Postfix and spamassassin, everything working
> >well but some spam appears to be slipping through the net. The strange
> >thing is they all have the same broken message id. Could the spammers
> >have found a loophole?
> >
>
>I've been seeing this more and more recently... I managed to get a capture
>of the inbound SMTP session for one of these...
>
>======
>220 rose.tlns.net ESMTP Postfix
>HELO 217.206.220.190
>250 rose.tlns.net
>MAIL FROM: <boswsmax at asbe45e.com>
>250 Ok
>RCPT TO: <my.address at hidden.from.spambots>
>250 Ok
>DATA
>354 End data with <CR><LF>.<CR><LF>
>Message-ID: <2[10
>.
>250 Ok: queued as 0857A28246
>QUIT
>221 Bye
>======
>
>Fair enough, munged up header and no content, but is it detected as spam?
>
>======
>Mar 30 19:16:38 rose MailScanner[31156]: Message 0857A28246 from
>220.168.62.100 (boswsmax at asbe45e.com) to tucny.com is spam, SpamAssassin
>(score=21.315, required 5, BAYES_99 5.40, FORGED_RCVD_NET_HELO 4.10,
>INVALID_MSGID 2.50, NO_REAL_NAME 0.16, RCVD_IN_BL_SPAMCOP_NET 1.50,
>RCVD_IN_DSBL 0.71, RCVD_IN_NJABL
>0.10, RCVD_IN_NJABL_PROXY 0.50, RCVD_IN_OPM 1.00, RCVD_IN_OPM_HTTP_POST
>1.00, RCVD_IN_OPM_SOCKS 1.26, RCVD_IN_SORBS 0.10, RCVD_IN_SORBS_HTTP 1.10,
>RCVD_IN_SORBS_MISC 0.69, RCVD_IN_SORBS_SOCKS 1.20)
>Mar 30 19:16:38 rose MailScanner[31156]: Spam Checks: Found 1 spam messages
>======
>
>Ohhh yeah... couldn't score much higher considering the lack of content!
>
>Soo, should be OK now? MailScanner will mark it as spam?
>
>======
>Return-Path: <boswsmax at asbe45e.com>
>X-Original-To: my.address at hidden.from.spambots
>Delivered-To: my.address at hidden.from.spambots
>Received: from 217.206.220.190 (unknown [220.168.62.100]) by rose.tlns.net
>  (Postfix) with SMTP id 0857A28246 for <dan at tucny.com>; Tue, 30 Mar 2004
>  19:16:35 +0100 (BST)
>Message-ID: <2[10
>Date: Tue, 30 Mar 2004 19:16:35 +0100 (BST)
>From: boswsmax at asbe45e.com
>To: undisclosed-recipients:;
>Subject: No Subject
>Mime-Version: 1.0
>
>boswsmax at asbe45e.com
>======
>
>:( Nope, MailScanner's not managed to insert any headers after the dodgy
>Message-ID and the 'mail' has got through and polluted my Inbox...
>
>Running MailScanner 4.28.6...
>
>Dan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Postfix.pm.patch
Type: application/octet-stream
Size: 1605 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040331/2c6ebcad/Postfix.pm.obj
-------------- next part --------------
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
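
Added example (not part of the original message, not MailScanner code, and not the contents of the attached patch): a Python sketch that parses the header-only payload from the captured session, flags the malformed Message-ID, and appends a header without relying on a blank separator line being present. The header name `X-Example-SpamCheck` and the simplified msg-id grammar are assumptions made for illustration.

```python
import re

# Constructed sample: the DATA payload from the captured session, a single
# malformed Message-ID header with no blank separator line and no body.
SAMPLE = b"Message-ID: <2[10\r\n"

# Assumption: simplified RFC 5322 msg-id (dot-atom "@" dot-atom, no obsolete forms).
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
MSGID_RE = re.compile(rf"<{_ATEXT}(?:\.{_ATEXT})*@{_ATEXT}(?:\.{_ATEXT})*>")

def split_message(raw):
    """Return (header_lines, body); a missing header/body separator is tolerated."""
    sep = re.search(rb"\r?\n\r?\n", raw)
    head, body = (raw[:sep.start()], raw[sep.end():]) if sep else (raw, b"")
    lines = []
    for line in re.split(rb"\r?\n", head):
        if not line:
            continue                      # trailing CRLF of a header-only message
        if line[:1] in b" \t" and lines:
            lines[-1] += b"\r\n" + line   # folded continuation stays with its header
        else:
            lines.append(line)
    return lines, body

def header_value(lines, name):
    """Return the first value of header `name` (case-insensitive), or None."""
    prefix = name.lower().encode() + b":"
    for line in lines:
        if line.lower().startswith(prefix):
            return line[len(prefix):].strip().decode("latin-1")
    return None

def msgid_is_valid(lines):
    """True only if a Message-ID header exists and has the <left@right> shape."""
    value = header_value(lines, "Message-ID")
    return value is not None and MSGID_RE.fullmatch(value) is not None

def add_header(raw, name, value):
    """Append a header to the header block and always emit the blank separator."""
    lines, body = split_message(raw)
    lines.append(f"{name}: {value}".encode())
    return b"\r\n".join(lines) + b"\r\n\r\n" + body

if __name__ == "__main__":
    hdrs, _ = split_message(SAMPLE)
    print("valid Message-ID:", msgid_is_valid(hdrs))
    print(add_header(SAMPLE, "X-Example-SpamCheck", "spam"))
```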

