German Spam still getting through?

Brent Addis b.addis at TIMESMEDIA.CO.NZ
Fri May 20 05:33:56 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

This is still happening?

The last one of these any of our servers received was on monday (being 
friday afternoon now)

Regards,

Brent Addis
Group Systems Administrator
Times Media Group




Jeff Mills wrote:

>Hi all,
>I still appear to be getting some of the German spam through MailScanner, even though I have the spamassassin rules in place.
>
>May 20 11:15:30 proxy2 postfix/smtpd[27650]: 2D9E5357047: client=eth191.nsw.adsl.internode.on.net[150.101.196.190]
>May 20 11:15:30 proxy2 postfix/cleanup[27868]: 2D9E5357047: message-id=<3512b9c1fd944f8b9f at ebanctrade.com>
>May 20 11:15:30 proxy2 postfix/qmgr[22186]: 2D9E5357047: from=<nsw.rs at ebanctrade.com>, size=1352, nrcpt=2 (queue active)
>May 20 11:15:30 proxy2 postfix/qmgr[22186]: 2D9E5357047: to=<user1 at domain.com>, relay=none, delay=0, status=deferred (delivery temporarily su$
>May 20 11:15:30 proxy2 postfix/qmgr[22186]: 2D9E5357047: to=<user2 at domain.com>, relay=none, delay=0, status=deferred (delivery temporarily susp$
>May 20 11:15:30 proxy2 postfix/smtpd[27650]: disconnect from eth191.nsw.adsl.internode.on.net[150.101.196.190]
>May 20 11:15:32 proxy2 MailScanner[22332]: New Batch: Scanning 1 messages, 1766 bytes
>May 20 11:15:32 proxy2 MailScanner[22332]: MCP Checks: Starting
>May 20 11:15:32 proxy2 MailScanner[22332]: Spam Checks: Starting
>May 20 11:15:43 proxy2 MailScanner[22332]: Virus and Content Scanning: Starting
>May 20 11:15:44 proxy2 MailScanner[22332]: Requeue: 2D9E5357047.5197D to A61FC357058
>May 20 11:15:44 proxy2 postfix/qmgr[22233]: A61FC357058: from=<nsw.rs at ebanctrade.com>, size=1544, nrcpt=2 (queue active)
>May 20 11:15:44 proxy2 MailScanner[22332]: Uninfected: Delivered 1 messages
>May 20 11:15:44 proxy2 postfix/smtp[28096]: A61FC357058: to=<user1 at domain.com>, relay=10.100.100.40[10.100.100.40], delay=14, status=sent (25$
>May 20 11:15:44 proxy2 postfix/smtp[28096]: A61FC357058: to=<user2 at domain.com>, relay=10.100.100.40[10.100.100.40], delay=14, status=sent (250 $
>May 20 11:15:44 proxy2 postfix/qmgr[22233]: A61FC357058: removed
>
>The resulting email is below, and the spam assassin rules is as follows:
>
>header PROLO_GSPAM23 Subject =~ /Tuerkei in die EU/i
>
>I've had a few of these come through today with varying subject lines.
>Its got me beat as to why some are getting through and some are caught.
>After reading through some recent threads, I noticed I had put the rule file in /usr/share/spamassassin instead of /etc/spamassassin (which is where my local.cf is located), so I have moved it, but it does not explain why some are picked up and some are getting through.
>
>proxy2 root # grep GSPAM /var/log/mail.log | wc -l
>43
>
>
>Any ideas?
>
>Cheers,
>Jeff
>
>
>
>-----Original Message-----
>From: nsw.rs at ebanctrade.com [mailto:nsw.rs at ebanctrade.com]
>Sent: Friday, May 20, 2005 11:15 AM
>To: server3129 at pocold.com.au
>Subject: Tuerkei in die EU
>
>
>GEWALTEXZESS:
>http://www.spiegel.de/politik/ausland/0,1518,345203,00.html
>
>Politiker zerreißt Menschenrechtsbericht:
>http://www.spiegel.de/politik/ausland/0,1518,325983,00.html
>
>Schily = Hitler
>http://www.spiegel.de/politik/deutschland/0,1518,345929,00.html
>
>Schily wehrt sich gegen Hitler-Vergleiche:
>http://www.spiegel.de/politik/deutschland/0,1518,345749,00.html
>
>Sie hat ja wie eine Deutsche gelebt:
>http://www.spiegel.de/panorama/0,1518,342484,00.html
>
>http://www.npd.de/npd_info/deutschland/2005/d0205-31.html
>
>Parallelgesellschaften - Feind hoerte mit:
>http://www.npd.de/npd_info/meldungen/2005/m0305-15.html
>
>Sie war unerlaubt spazieren:
>http://www.taz.de/pt/2004/11/25/a0143.nf/text
>
>Tiere an Autobahn geschlachtet:
>http://forum.gofeminin.de/forum/actu1/__f384_actu1-TuRKEI-NEIN-DANKE.html
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list