Broken message id cause spam to be ignored?

Dan Tucny dan at TUCNY.COM
Wed Mar 31 19:46:16 IST 2004


Julian,

Rather than waiting, I just recreated the mail below...

The MailScanner headers have been included and the subject has been
tagged as can be seen below...

======
Return-Path:  <boswsmax at asbe45e.com>
X-Original-To:  dan at tucny.com
Delivered-To:  dan at tucny.com
Received:  from 217.206.220.190
(81-86-69-213.dsl.pipex.com
[81.86.69.213]) by rose.tlns.net
(Postfix) with SMTP id A511528245
for <dan at tucny.com>; Wed, 31 Mar
2004 19:40:17 +0100 (BST)
Message-ID:  <2[10
Date: Wed, 31 Mar 2004 19:40:17
+0100 (BST)
From: boswsmax at asbe45e.com
X-MailScanner-Information:  Please
contact the ISP for more information
X-MailScanner:  Found to be clean
X-MailScanner-SpamCheck:  spam,
SpamAssassin (score=6.759, required
5, BAYES_50 0.00,
FORGED_RCVD_NET_HELO 4.10,
INVALID_MSGID 2.50, NO_REAL_NAME
0.16)
X-MailScanner-SpamScore:  ssssss
X-MailScanner-From:
boswsmax at asbe45e.com
Subject: {Spam?}


boswsmax at asbe45e.com
======

That looks to have done the trick!

Thanks,

Dan


On Wed, 2004-03-31 at 19:39, Dan Tucny wrote:
> Julian,
>
> I've applied the patch, I'll let you know as soon as I see another of
> these...
>
> Thanks,
>
> Dan
>
> On Wed, 2004-03-31 at 00:43, Julian Field wrote:
> > Please can you both try the attached patch to Postfix.pm
> >
> > cd /usr/lib/MailScanner/MailScanner
> > cp Postfix.pm Postfix.pm.backup
> > patch < Postfix.pm.patch
> >
> > then shut down MailScanner and restart it.
> >
> > Please urgently let me know whether it works.
> >
> > At 21:30 30/03/2004, you wrote:
> > >On Mon, 1 Mar 2004 06:30:46 -0000, Iain McWilliams <iain at LMP.CO.UK> wrote:
> > >
> > > >
> > > >Running Mailscanner with Postfix and spamassassin, everything working
> > > >well but some spam appears to be slipping through the net. The strange
> > > >thing is they all have the same broken message id. Could the spammers
> > > >have found a loophole?
> > > >
> > >
> > >I've been seeing this more and more recently... I managed to get a capture
> > >of the inbound SMTP session for one of these...
> > >
> > >======
> > >220 rose.tlns.net ESMTP Postfix
> > >HELO 217.206.220.190
> > >250 rose.tlns.net
> > >MAIL FROM: <boswsmax at asbe45e.com>
> > >250 Ok
> > >RCPT TO: <my.address at hidden.from.spambots>
> > >250 Ok
> > >DATA
> > >354 End data with <CR><LF>.<CR><LF>
> > >Message-ID: <2[10
> > >.
> > >250 Ok: queued as 0857A28246
> > >QUIT
> > >221 Bye
> > >======
> > >
> > >Fair enough, munged up header and no content, but is it detected as spam?
> > >
> > >======
> > >Mar 30 19:16:38 rose MailScanner[31156]: Message 0857A28246 from
> > >220.168.62.100 (boswsmax at asbe45e.com) to tucny.com is spam, SpamAssassin
> > >(score=21.315, required 5, BAYES_99 5.40, FORGED_RCVD_NET_HELO 4.10,
> > >INVALID_MSGID 2.50, NO_REAL_NAME 0.16, RCVD_IN_BL_SPAMCOP_NET 1.50,
> > >RCVD_IN_DSBL 0.71, RCVD_IN_NJABL
> > >0.10, RCVD_IN_NJABL_PROXY 0.50, RCVD_IN_OPM 1.00, RCVD_IN_OPM_HTTP_POST
> > >1.00, RCVD_IN_OPM_SOCKS 1.26, RCVD_IN_SORBS 0.10, RCVD_IN_SORBS_HTTP 1.10,
> > >RCVD_IN_SORBS_MISC 0.69, RCVD_IN_SORBS_SOCKS 1.20)
> > >Mar 30 19:16:38 rose MailScanner[31156]: Spam Checks: Found 1 spam messages
> > >======
> > >
> > >Ohhh yeah... couldn't score much higher considering the lack of content!
> > >
> > >Soo, should be OK now? MailScanner will mark it as spam?
> > >
> > >======
> > >Return-Path: <boswsmax at asbe45e.com>
> > >X-Original-To: my.address at hidden.from.spambots
> > >Delivered-To: my.address at hidden.from.spambots
> > >Received: from 217.206.220.190 (unknown [220.168.62.100]) by rose.tlns.net
> > >
> > >  (Postfix) with SMTP id 0857A28246 for <dan at tucny.com>; Tue, 30 Mar 2004
> > >  19:16:35 +0100 (BST)
> > >Message-ID: <2[10
> > >Date: Tue, 30 Mar 2004 19:16:35 +0100 (BST)
> > >From: boswsmax at asbe45e.com
> > >To: undisclosed-recipients:;
> > >Subject: No Subject
> > >Mime-Version: 1.0
> > >
> > >boswsmax at asbe45e.com
> > >======
> > >
> > >:( Nope, MailScanner's not managed to insert any headers after the dodgy
> > >Message-ID and the 'mail' has got through and polluted my Inbox...
> > >
> > >Running MailScanner 4.28.6...
> > >
> > >Dan
> >
> > ______________________________________________________________________
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
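
A delivery-side check for the failure described in this thread, as an added example that is not part of the original posts or of MailScanner's code: it flags delivered messages whose Message-ID is malformed or that carry no X-MailScanner headers. The function name, the regex and the sample messages are assumptions, constructed from the headers quoted above with addresses replaced by example.com placeholders.

```python
import email
import re

# Loose shape check for a Message-ID: <left@right>, no spaces or nested brackets.
MSGID_RE = re.compile(r"^<[^<>\s@]+@[^<>\s@]+>$")
# Headers the thread shows MailScanner adding once a message has been processed.
SCANNER_HEADERS = ("X-MailScanner", "X-MailScanner-SpamCheck")


def audit_delivered(raw):
    """Return a list of findings for one delivered message (empty list = nothing odd)."""
    msg = email.message_from_string(raw)  # default compat32 policy tolerates broken headers
    findings = []
    msgid = (msg.get("Message-ID") or "").strip()
    if not MSGID_RE.match(msgid):
        findings.append("malformed-message-id")
    # A message that reached the mailbox without these headers bypassed tagging.
    missing = [h for h in SCANNER_HEADERS if msg.get(h) is None]
    if missing:
        findings.append("unscanned:" + ",".join(missing))
    # Unfold the verdict header, then check the subject tag matches it.
    verdict = " ".join((msg.get("X-MailScanner-SpamCheck") or "").split())
    subject = msg.get("Subject") or ""
    if verdict.lower().startswith("spam") and "{Spam?}" not in subject:
        findings.append("spam-verdict-without-subject-tag")
    return findings


# Constructed samples modelled on the two delivered messages quoted in the thread.
COMMON = ("Return-Path: <sender@example.com>\n"
          "Delivered-To: user@example.com\n"
          "Message-ID: <2[10\n"
          "From: sender@example.com\n")
UNTAGGED = COMMON + "Subject: No Subject\n\nsender@example.com\n"
TAGGED = (COMMON +
          "X-MailScanner: Found to be clean\n"
          "X-MailScanner-SpamCheck: spam,\n SpamAssassin (score=6.759, required 5)\n"
          "Subject: {Spam?}\n\nsender@example.com\n")

if __name__ == "__main__":
    for name, raw in (("untagged", UNTAGGED), ("tagged", TAGGED)):
        print(name, audit_delivered(raw))
```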


