Can't figure out why we are getting so much spam.
UxBoD
uxbod at splatnix.net
Sun Oct 7 15:46:55 IST 2007
Doh! Missed that ;)
Are you using MailWatch at all with the SQL based whitelisting ? or using the text based rules ?
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
----- Original Message -----
From: "Gareth" <list-mailscanner at linguaphone.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Sunday, October 7, 2007 2:38:59 PM (GMT) Africa/Casablanca
Subject: RE: Can't figure out why we are getting so much spam.
> X-SYO-MailScanner-SpamCheck: not spam (whitelisted)
Somthing is making Mailscanner think the mail is whitelisted.
Yu could try stopping mailscanner and then running it manually in debug mode and it should tell you why it was whitelisted.
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of UxBoD
> Sent: 07 October 2007 15:21
> To: MailScanner discussion
> Subject: Re: Can't figure out why we are getting so much spam.
>
>
> Hi,
>
> You have scored that email over 30 points, so what help do you
> require ? If you want to reduce the number at the MTA then you
> could always look at implementing the RBLs directly from Exim, or
> look at other methods like greylisting.
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>
> ----- Original Message -----
> From: "Jason Gottschalk" <Jason at SYO.Com>
> To: mailscanner at lists.mailscanner.info
> Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca
> Subject: Can't figure out why we are getting so much spam.
>
> Hello mailscanner,
>
>
> The amount of spam we are getting has really grown in the last few
> weeks, from 2 or 3 per day to dozens per hour.
>
> Any help would be appreciated.
>
> Here is an example: (and it certainly is NOT in my whitelist!:)
>
> Return-path: <jason at syo.com>
> Envelope-to: jason at syo.com
> Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400
> Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net)
> by sabrina.syo.com with esmtp (Exim 4.66)
> (envelope-from <jason at syo.com>)
> id 1IeWHm-00086o-1K
> for jason at syo.com; Sun, 07 Oct 2007 09:35:10 -0400
> Date: Sun, 07 Oct 2007 06:04:53 -0200
> From: "Jacob E. Henry" <bkmlu at starmobilesound.net>
> X-Mailer: Internet Mail Service (5.5.2650.21)
> X-Priority: 3
> Message-ID: <652352516118.20071007060453566120153 at starmobilesound.net>
> To: jason at syo.com
> Subject: Bright side
> MIME-Version: 1.0
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: 7bit
> X-SYO-MailScanner-Information: Please contact the SYO for more information
> X-SYO-MailScanner: Found to be clean
> X-SYO-MailScanner-SpamCheck: not spam (whitelisted),
> SpamAssassin (not cached, score=34.194, required 3,
> autolearn=spam,
> BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26,
> FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45,
> HELO_DYNAMIC_IPADDR2 4.39,
> HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00,
> HTML_MESSAGE 0.00,
> MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50,
> RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50,
> RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91,
> RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96,
> URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50,
> URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50)
> X-SYO-MailScanner-From: jason at syo.com
>
>
>
>
> --
>
> Best regards,
>
> Jason Gottschalk mailto:Jason at SYO.Com
> SYO Computer Engineering Services, Inc.
> SYO - Servicing Your Organization
> 586-286-2557
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list