perhaps this is old news

Julian Field mailscanner at ecs.soton.ac.uk
Sun Nov 21 12:12:41 GMT 2004 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thanks for that. I will take a look. I suspect I need to change the
header-modifying code so that it changes all matching headers and not
just the first one. Will be slower though :-(

Robin, Rob wrote:

>All,
>
>        Just would like to share this. Perhaps this is old news.
>        I have a couple of spam 'creep through'. I checked the score, it's over 20. From my outlook client, the word '{Spam?}' did not appear ib the subject (and therefore not sorted to my suspected spam folder). I set my spam to be tagged. All others are tagged just fine.
>        After looking through the header, I realized that there are 2 'Subject' headers. Only the first one is tagged '{Spam?}.
>        This has sucesfully made my Outlook client to use only the second header and ignoring the tagged one (and thus not go into junk folder).
>        Not sure this is a new trick by spammers to bypass subject spam tagging mechanism. Or it's spammers' incidental bug. Or Outlook's handling of headers.
>        Below is the header if you are interested.
>        Time to add new rules to the mail client :-). How many customers I need to call for adding new rules if things continue like this...
>
>Regards,
>Rob Robin
>rrobin at greenpple.com
>
>
>
>Microsoft Mail Internet Headers Version 2.0
>Received: from mbox2.greenapple.com ([192.168.188.134]) by ex1.ex.greenapple.com with Microsoft SMTPSVC(5.0.2195.6713);
>         Sat, 20 Nov 2004 09:29:13 -0500
>Received: from mx3.greenapple.com (root at mx3.greenapple.com [198.144.72.52])
>        by mbox2.greenapple.com (8.12.11/8.12.11) with ESMTP id iAKET1k7016021
>        for <robin at mbox2.greenapple.com>; Sat, 20 Nov 2004 09:29:12 -0500 (EST)
>Received: from c-67-173-202-59.client.comcast.net (c-67-173-202-59.client.comcast.net [67.173.202.59])
>        by mx3.greenapple.com (8.12.11/8.12.11) with SMTP id iAKERMLZ020088;
>        Sat, 20 Nov 2004 09:27:51 -0500 (EST)
>Message-Id: <200411201427.iAKERMLZ020088 at mx3.greenapple.com>
>Received: from chinesemail.org ([90.224.80.255]) by headway.belgique.com
>          (InterMail vK.4.04.00.00 413-142-933 license 4vt762vi9489s1og5s4dmc5794i5lcm6)
>          with ESMTP id <03261766537363.QOAZ921.amtrak at chinesemail.org>
>          for <robertp at greenapple.com>; Sat, 20 Nov 2004 16:27:18 +0200
>Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
>         Sat, 20 Nov 2004 07:30:18 -0700
>Received: from 144.128.126.130 by closeup.block.hotmail.msn.com with HTTP;
>        Sat, 20 Nov 2004 17:25:18 +0300 GMT
>X-Originating-IP: [144.0.240.228]
>X-Originating-Email: [correct at chinesemail.org]
>From: "Frances Shirley" <Caronvlf at mail.ru>
>To: robertp at greenapple.com
>Subject: {Spam?} RE : pain specialist on tuesday at 14-00
>Date: Sat, 20 Nov 2004 17:31:18 +0300
>Mime-Version: 1.0
>Received: from chinesemail.org ([35.8.168.232])
>          by headway.belgique.com
>          (InterMail vK.4.04.00.00 883-811-552 license 4vt762vi9489s1og5s4dmc5794i5lcm6)
>          with ESMTP id <61774162358055.TJJJ9488.headway.belgique.com>
>          for <robertp at greenapple.com>; Sat, 20 Nov 2004 08:25:18 -0600
>From: "Frances Shirley" <Caronvlf at mail.ru>
>To: "Robertp" <robertp at greenapple.com>
>Subject: RE : pain specialist on tuesday at 14-00
>Sender: "Frances Shirley" <Caronvlf at mail.ru>
>X-GreenApple-MailScanner-Information: Please contact the ISP for more information
>X-GreenApple-MailScanner: Found to be clean
>X-GreenApple-MailScanner-SpamCheck: spam, SpamAssassin (score=27.731,
>        required 9, autolearn=disabled, DRUGS_PAIN 0.01,
>        DRUGS_PAIN_OBFU 1.00, HELO_DYNAMIC_IPADDR 2.75, INVALID_TZ_GMT 0.64,
>        MSGID_FROM_MTA_HEADER 0.00, MSGID_FROM_MTA_ID 1.70,
>        RCVD_IN_BL_SPAMCOP_NET 1.83, RCVD_IN_DSBL 2.77,
>        RCVD_IN_NJABL_DUL 1.66, RCVD_IN_SORBS_DUL 0.14, RCVD_IN_XBL 2.51,
>        SARE_FREE_WEBM_RuMail 1.67, SARE_HTML_A_HIDE 1.16,
>        URIBL_OB_SURBL 3.00, URIBL_SBL 1.50, URIBL_SC_SURBL 3.90,
>        URIBL_WS_SURBL 1.50)
>X-GreenApple-MailScanner-SpamScore: sssssssssssssssssssssssssss
>X-MailScanner-From: caronvlf at mail.ru
>Return-Path: Caronvlf at mail.ru
>X-OriginalArrivalTime: 20 Nov 2004 14:29:13.0541 (UTC) FILETIME=[4EB7CF50:01C4CF0D]
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list