Spam over the max allowed score still slips through!!!

Desai, Jason jase at SENSIS.COM
Thu May 13 14:47:04 IST 2004


Is this message going through 2 different mailscanner systems?  I notice
that there could be two different %org% settings in the headers.  Notice
"X-xxxx-MailScanner:" and "X-ecemlgw-MailScanner-SpamCheck:".  So maybe one
system is detecting it as spam, but yours is not?  Or did you just not
completely sanitize the headers?

Jase

Remco Barendse wrote:
> I have already reported this problem a number of times but am still
> having this problem.
>
> There are a number of spammers that send e-mails that are still passed
> through by MailScanner even though the score of the mail is way above
> the defined limits.
>
> I use a delete striphtml forward postmaster rule for high scoring
> spam, yet the mail gets delivered to the recipient. For most mails it
> works as it should, but for some it doesn't.
>
> Is anyone else seeing this problem? There are no remarks about
> whitelisting or anything in the mail headers and I am confident my
> rulesets are OK since the other spams are trapped correctly.
>
> The weird thing is that the mails are stripped of HTML as they
> should be.
>
> I *suspect* that they are being treated by MS as low scoring spam for
> which I have striphtml deliver in my rulesets. Could there be an
> error in the MS script that is checking the score? Or are they doing
> black magic in the mail headers?? I have a qf/df pair to send.
>
> The upper limit for spam is 8, this is the header of a mail that
> slipped through.
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from xxxxxx ([10.x.x.x]) by x.x.x with
> Microsoft SMTPSVC(5.0.2195.6713);
>          Thu, 13 May 2004 08:50:38 +0200
> Received: from upliftingease.com ([66.249.106.147])
>         by x (8.12.10/8.12.8) with SMTP id i4D6N8fK016259
>         for <xxxx at xxx>; Thu, 13 May 2004 08:23:19 +0200
> Message-Id: <200405130623.i4D6N8fK016259 at xxx>
> To: <xxxxx at xxx>
> From: Angela Jackson <AngelaJackson at upliftingease.com>
> Reply-To: <AngelaJackson at upliftingease.com>
> Date: Wed, 12 May 2004 23:23:23 -0700
> X-Mailer: Version 5.01.2764.4667
> MIME-version: 1.0
> Content-type: text/plain
> Subject: {Spam?} Date-a-Teen (18+over-only)
> X-xxxx-MailScanner-Information: Please contact the ISP for more
> information
> X-xxxx-MailScanner: Found to be clean
> X-MailScanner-MCPCheck: MCP-Clean (MCP-Whitelisted), MCP-Checker
>         (score=0, required 1)
> X-ecemlgw-MailScanner-SpamCheck: spam, SBL+XBL, spamhaus.org,
>         SpamAssassin (score=13.451, required 6, DNS_FROM_RFCI_DSN
>         1.39, EXCUSE_19 0.50, HTML_IMAGE_ONLY_04 1.53, HTML_MESSAGE
>         0.00, HTML_TAG_EXISTS_TBODY 0.10, MIME_HTML_ONLY 0.10,
>         MSGID_FROM_MTA_SHORT 3.31, MY_SPACER 0.25, RCVD_IN_AHBL 1.27,
>         RCVD_IN_SBL+XBL 4.00, RCVD_IN_SORBS 1.00)
> X-xxxx-MailScanner-SpamScore: sssssssssssss
> X-MailScanner-From: angelajackson at upliftingease.com
> Return-Path: AngelaJackson at upliftingease.com
> X-OriginalArrivalTime: 13 May 2004 06:50:38.0656 (UTC)
> FILETIME=[99AB4C00:01C438B6]
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
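
The check Jase describes, grouping the MailScanner headers by the org-name prefix in each header name to see how many differently named scanners stamped the message and which one recorded the spam score, can be scripted. This is an added example, not code from the thread or from MailScanner; the sample message is constructed from the quoted headers, `siteA` is a placeholder for the redacted org name, and `high_score=8.0` stands for the poster's stated upper limit.

```python
import re
from collections import defaultdict
from email import message_from_string

# Constructed sample modelled on the headers quoted in the post.
# "siteA" is a placeholder for the org name the poster redacted as "xxxx".
SAMPLE = """\
Received: from mail.example.net ([192.0.2.10]) by gw.example.org; Thu, 13 May 2004 08:23:19 +0200
Subject: {Spam?} sample message
X-siteA-MailScanner-Information: Please contact the ISP for more information
X-siteA-MailScanner: Found to be clean
X-MailScanner-MCPCheck: MCP-Clean (MCP-Whitelisted), MCP-Checker
        (score=0, required 1)
X-ecemlgw-MailScanner-SpamCheck: spam, SBL+XBL, spamhaus.org,
        SpamAssassin (score=13.451, required 6, MSGID_FROM_MTA_SHORT 3.31,
        RCVD_IN_SBL+XBL 4.00)
X-siteA-MailScanner-SpamScore: sssssssssssss
X-MailScanner-From: sender@example.net

body
"""

# X-<org>-MailScanner[-<kind>]; the <org> part is optional.
HDR = re.compile(r"^X-(?:(?P<org>[^-]+)-)?MailScanner(?:-(?P<kind>.+))?$", re.I)
SCORE = re.compile(r"score=(-?\d+(?:\.\d+)?),\s*required\s+(-?\d+(?:\.\d+)?)")

def group_by_org(raw):
    """Map each org-name prefix to the MailScanner headers stamped under it."""
    groups = defaultdict(dict)
    for name, value in message_from_string(raw).items():
        m = HDR.match(name)
        if m:
            org = (m.group("org") or "(none)").lower()
            # Unfold continuation lines into a single line.
            groups[org][m.group("kind") or "Verdict"] = " ".join(value.split())
    return dict(groups)

def spam_verdicts(raw, high_score=8.0):
    """Per org name: (score, required, exceeds high_score) from its SpamCheck header."""
    out = {}
    for org, hdrs in group_by_org(raw).items():
        m = SCORE.search(hdrs.get("SpamCheck", ""))
        if m:
            score, required = float(m.group(1)), float(m.group(2))
            out[org] = (score, required, score > high_score)
    return out

if __name__ == "__main__":
    for org, hdrs in group_by_org(SAMPLE).items():
        print(org, sorted(hdrs))
    print(spam_verdicts(SAMPLE))
```

More than one org name in the output means the headers were written under more than one naming, and the spam score can be compared against the configuration of the scanner that actually recorded it.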
