Broken message id cause spam to be ignored?

Dan Tucny dan at TUCNY.COM
Wed Mar 31 19:39:11 IST 2004


Julian,

I've applied the patch, I'll let you know as soon as I see another of
these...

Thanks,

Dan

On Wed, 2004-03-31 at 00:43, Julian Field wrote:
> Please can you both try the attached patch to Postfix.pm
>
> cd /usr/lib/MailScanner/MailScanner
> cp Postfix.pm Postfix.pm.backup
> patch < Postfix.pm.patch
>
> then shutdown MailScanner and restart it.
>
> Please urgently let me know whether it works.
>
> At 21:30 30/03/2004, you wrote:
> >On Mon, 1 Mar 2004 06:30:46 -0000, Iain McWilliams <iain at LMP.CO.UK> wrote:
> >
> > >
> > >Running Mailscanner with Postfix and spamassassin, everything working
> > >well but some spam appears to be slipping through the net. The strange
> > >thing is they all have the same broken message id. Could the spammers
> > >have found a loophole?
> > >
> >
> >I've been seeing this more and more recently... I managed to get a capture
> >of the inbound SMTP session for one of these...
> >
> >======
> >220 rose.tlns.net ESMTP Postfix
> >HELO 217.206.220.190
> >250 rose.tlns.net
> >MAIL FROM: <boswsmax at asbe45e.com>
> >250 Ok
> >RCPT TO: <my.address at hidden.from.spambots>
> >250 Ok
> >DATA
> >354 End data with <CR><LF>.<CR><LF>
> >Message-ID: <2[10
> >.
> >250 Ok: queued as 0857A28246
> >QUIT
> >221 Bye
> >======
> >
> >Fair enough, munged up header and no content, but is it detected as spam?
> >
> >======
> >Mar 30 19:16:38 rose MailScanner[31156]: Message 0857A28246 from
> >220.168.62.100 (boswsmax at asbe45e.com) to tucny.com is spam, SpamAssassin
> >(score=21.315, required 5, BAYES_99 5.40, FORGED_RCVD_NET_HELO 4.10,
> >INVALID_MSGID 2.50, NO_REAL_NAME 0.16, RCVD_IN_BL_SPAMCOP_NET 1.50,
> >RCVD_IN_DSBL 0.71, RCVD_IN_NJABL
> >0.10, RCVD_IN_NJABL_PROXY 0.50, RCVD_IN_OPM 1.00, RCVD_IN_OPM_HTTP_POST
> >1.00, RCVD_IN_OPM_SOCKS 1.26, RCVD_IN_SORBS 0.10, RCVD_IN_SORBS_HTTP 1.10,
> >RCVD_IN_SORBS_MISC 0.69, RCVD_IN_SORBS_SOCKS 1.20)
> >Mar 30 19:16:38 rose MailScanner[31156]: Spam Checks: Found 1 spam messages
> >======
> >
> >Ohhh yeah... couldn't score much higher considering the lack of content!
> >
> >Soo, should be OK now? MailScanner will mark it as spam?
> >
> >======
> >Return-Path: <boswsmax at asbe45e.com>
> >X-Original-To: my.address at hidden.from.spambots
> >Delivered-To: my.address at hidden.from.spambots
> >Received: from 217.206.220.190 (unknown [220.168.62.100]) by rose.tlns.net
> >
> >  (Postfix) with SMTP id 0857A28246 for <dan at tucny.com>; Tue, 30 Mar 2004
> >  19:16:35 +0100 (BST)
> >Message-ID: <2[10
> >Date: Tue, 30 Mar 2004 19:16:35 +0100 (BST)
> >From: boswsmax at asbe45e.com
> >To: undisclosed-recipients:;
> >Subject: No Subject
> >Mime-Version: 1.0
> >
> >boswsmax at asbe45e.com
> >======
> >
> >:( Nope, MailScanner's not managed to insert any headers after the dodgy
> >Message-ID and the 'mail' has got through and polluted my Inbox...
> >
> >Running MailScanner 4.28.6...
> >
> >Dan
>
> ______________________________________________________________________
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
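
Added example, not part of the original thread and not MailScanner code: a mailbox audit that flags delivered messages showing the symptom reported above, a Message-ID that does not match the `<left@right>` shape together with no scanner-added headers. The header prefix `X-Example-Scanner`, the function name and the second sample message are assumptions made for illustration; the first sample is the delivered message quoted in the thread with its Received header omitted.

```python
import re
from email import message_from_string

# Simplified RFC 5322 msg-id shape: "<" id-left "@" id-right ">".
MSGID_RE = re.compile(r"^<[^\s<>@]+@[^\s<>@]+>$")

def audit_delivered(raw, scanner_prefix):
    """Return a list of findings for one delivered message.

    scanner_prefix is the prefix of the headers the content scanner adds
    (site-specific; the value used below is a hypothetical placeholder).
    """
    msg = message_from_string(raw)
    findings = []
    ids = msg.get_all("Message-ID") or []
    if not ids:
        findings.append("message-id missing")
    elif len(ids) > 1:
        findings.append("multiple message-id headers")
    elif not MSGID_RE.match(ids[0].strip()):
        findings.append("message-id malformed: %r" % ids[0])
    prefix = scanner_prefix.lower()
    if not any(name.lower().startswith(prefix) for name in msg.keys()):
        findings.append("no %s* header: message was not tagged" % scanner_prefix)
    return findings

# Delivered message as quoted in the thread (Received header omitted).
BROKEN = (
    "Return-Path: <boswsmax at asbe45e.com>\n"
    "Message-ID: <2[10\n"
    "Date: Tue, 30 Mar 2004 19:16:35 +0100 (BST)\n"
    "From: boswsmax at asbe45e.com\n"
    "To: undisclosed-recipients:;\n"
    "Subject: No Subject\n"
    "Mime-Version: 1.0\n"
    "\n"
    "boswsmax at asbe45e.com\n"
)

# Constructed counter-example: well-formed id and a scanner header present.
TAGGED = (
    "Message-ID: <20040330181635.1234@mail.example.org>\n"
    "X-Example-Scanner: checked\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for label, raw in (("broken", BROKEN), ("tagged", TAGGED)):
        print(label, audit_delivered(raw, "X-Example-Scanner"))
```

Run it over each file in a Maildir with the prefix your own scanner uses; a message that reports both findings reached the mailbox without being tagged.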


