Odd missing X-Spam-Status: Yes header
Jim Davis
jdavis at CS.ARIZONA.EDU
Thu Oct 27 19:13:58 IST 2005
This slipped by my procmail filter; it looks like the spammer added a fake
spamassassin block to the headers...
>From emala at abrilpesquisa.com.br Thu Oct 27 11:01:09 2005
>Return-Path: <wwwrun at h8884.serverkompetenz.net>
>Received: from hackberry.cs.arizona.edu (hackberry.cs.arizona.edu
> [192.12.69.6])
> by email.cs.arizona.edu (8.13.3/8.13.3) with ESMTP id j9RAM85n048192
> for <jdavis at hackberry.cs.arizona.edu>; Thu, 27 Oct 2005 03:22:08 -0700 (MST)
> (envelope-from wwwrun at h8884.serverkompetenz.net)
>Received: from cheltenham.cs.arizona.edu (cheltenham.cs.arizona.edu
> [192.12.69.60])
> by hackberry.cs.arizona.edu (Postfix) with ESMTP id 3D2E7D4081E
> for <jdavis at hackberry.cs.arizona.edu>; Thu, 27 Oct 2005 03:22:07 -0700 (MST)
>Received: from h8884.serverkompetenz.net (h8884.serverkompetenz.net
> [81.169.187.232])
> by cheltenham.cs.arizona.edu (8.13.4/8.13.4) with ESMTP id
> j9RAM3CY081643
> for <jdavis at cs.arizona.edu>; Thu, 27 Oct 2005 03:22:03 -0700 (MST)
> (envelope-from wwwrun at h8884.serverkompetenz.net)
>Received: by h8884.serverkompetenz.net (Postfix, from userid 30)
> id C039B177290; Thu, 27 Oct 2005 12:38:09 +0200 (CEST)
>X-Virus-Scanned: by amavis-ng-0.1.6.4-03dc on localhost
>From: Pesquisa Nacional Abril 2005 <emala at abrilpesquisa.com.br>
>To: jdavis at CS.Arizona.EDU
>Subject: Responda e concorra gratuitamente a um Palio Adventure 1.8
>X-Priority: 1
>X-MSMail-Priority: Normal
>X-Mailer: Microsoft Outlook Express 6.00.2800.1437
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
...right about here:
>X-Spam-Checker-Version: SpamAssassin 3.0.3-spambr_20030926a (2005-04-27) on
> localhost
>X-Spam-Status: No, score=-105.5 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00,
> BR_CURSO_BODY,HTML_80_90,HTML_FONT_BIG,HTML_FONT_FACE_BAD,
> HTML_MESSAGE,HTML_NONELEMENT_00_10,HTML_TAG_EXIST_TBODY,
> USER_IN_WHITELIST autolearn=ham version=3.0.3-spambr_20030926a, Yes
>Content-type: text/html
>Message-Id: <20051027103809.C039B177290 at h8884.serverkompetenz.net>
>Date: Thu, 27 Oct 2005 12:38:09 +0200 (CEST)
While this is the real thing our local server added:
>X-CS-MailScanner-SpamCheck: spam, SpamAssassin (score=11.692, required 5,
> BAYES_99 3.50, DNS_FROM_RFC_ABUSE 0.20, FORGED_MUA_OUTLOOK 4.06,
> FORGED_OUTLOOK_HTML 2.71, HTML_90_100 0.11, HTML_MESSAGE 0.00,
> MIME_HEADER_CTYPE_ONLY 0.00, MIME_HTML_ONLY 0.00,
> NORMAL_HTTP_TO_IP 0.17, RAZOR2_CHECK 0.50, X_PRIORITY_HIGH 0.43)
>X-Spam-Level: ***********
>X-Spam-Flag: YES
>
>
>
><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
[...]
With
High Scoring Spam Actions = header "X-Spam-Status: Yes" header
"X-Spam-Flag: YES attachment deliver
then there should have been a 'X-Spam-Status: Yes' header added (and the
spam itself should have been wrapped in an attachment, but that's still
not working). Could the bogus 'X-Spam-Status: No' header somehow have
interfered with that?
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list