Can't figure out why we are getting so much spam.

Jason Gottschalk Jason at SYO.Com
Sun Oct 7 18:11:18 IST 2007


Hello UxBoD,

Okay, maybe not sql whitelisting. It appears to be text file
whitelisting and the whitelist db in sql is empty.

I'm glad you missed the whitelisted part originally, I thought, for a
moment, that you were mean! :)

I also noticed, in another spam that seems to be out of control, that
there are two FROM: lines in the header: one is the sender of the
message and the other is me. Could this be what is causing it to come
through too?



Sunday, October 7, 2007, 10:46:55 AM, you wrote:
UxBoD> Doh! Missed that  

UxBoD> Are you using MailWatch at all with the SQL based whitelisting
UxBoD> ? or using the text based rules ?

UxBoD> Regards,

UxBoD> --[ UxBoD ]--
UxBoD> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
UxBoD> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
UxBoD> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
UxBoD> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

UxBoD> ----- Original Message -----
UxBoD> From: "Gareth" <list-mailscanner at linguaphone.com>
UxBoD> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
UxBoD> Sent: Sunday, October 7, 2007 2:38:59 PM (GMT) Africa/Casablanca
UxBoD> Subject: RE: Can't figure out why we are getting so much spam.

>> X-SYO-MailScanner-SpamCheck: not spam (whitelisted)

UxBoD> Something is making MailScanner think the mail is whitelisted.

UxBoD> You could try stopping mailscanner and then running it manually
UxBoD> in debug mode and it should tell you why it was whitelisted.

>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of UxBoD
>> Sent: 07 October 2007 15:21
>> To: MailScanner discussion
>> Subject: Re: Can't figure out why we are getting so much spam.
>> 
>> 
>> Hi,
>> 
>> You have scored that email over 30 points, so what help do you 
>> require ? If you want to reduce the number at the MTA then you 
>> could always look at implementing the RBLs directly from Exim, or 
>> look at other methods like greylisting.
>> 
>> Regards,
>> 
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>> 
>> ----- Original Message -----
>> From: "Jason Gottschalk" <Jason at SYO.Com>
>> To: mailscanner at lists.mailscanner.info
>> Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca
>> Subject: Can't figure out why we are getting so much spam.
>> 
>> Hello mailscanner,
>> 
>> 
>> The amount of spam we are getting has really grown in the last few
>> weeks, from 2 or 3 per day to dozens per hour.
>> 
>> Any help would be appreciated.
>> 
>> Here is an example: (and it certainly is NOT in my whitelist!:)
>> 
>> Return-path: <jason at syo.com>
>> Envelope-to: jason at syo.com
>> Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400
>> Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net)
>>         by sabrina.syo.com with esmtp (Exim 4.66)
>>         (envelope-from <jason at syo.com>)
>>         id 1IeWHm-00086o-1K
>>         for jason at syo.com; Sun, 07 Oct 2007 09:35:10 -0400
>> Date: Sun, 07 Oct 2007 06:04:53 -0200
>> From: "Jacob E. Henry" <bkmlu at starmobilesound.net>
>> X-Mailer: Internet Mail Service (5.5.2650.21)
>> X-Priority: 3
>> Message-ID: <652352516118.20071007060453566120153 at starmobilesound.net>
>> To: jason at syo.com
>> Subject: Bright side
>> MIME-Version: 1.0
>> Content-Type: text/html; charset=UTF-8
>> Content-Transfer-Encoding: 7bit
>> X-SYO-MailScanner-Information: Please contact the SYO for more information
>> X-SYO-MailScanner: Found to be clean
>> X-SYO-MailScanner-SpamCheck: not spam (whitelisted),
>>         SpamAssassin (not cached, score=34.194, required 3, 
>> autolearn=spam,
>>         BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26,
>>         FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, 
>> HELO_DYNAMIC_IPADDR2 4.39,
>>         HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, 
>> HTML_MESSAGE 0.00,
>>         MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50,
>>         RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50,
>>         RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91,
>>         RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96,
>>         URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50,
>>         URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50)
>> X-SYO-MailScanner-From: jason at syo.com
>> 
>> 
>> 
>> 
>> -- 
>> 
>> Best regards,
>> 
>>  Jason Gottschalk                         mailto:Jason at SYO.Com
>>  SYO Computer Engineering Services, Inc.
>>  SYO - Servicing Your Organization
>>  586-286-2557
>> 
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website! 
>> 
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> 




-- 
Best regards,
 Jason Gottschalk                         mailto:Jason at SYO.Com
 SYO Computer Engineering Services, Inc.
 586-286-2557
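
An added example, not part of the original message or of MailScanner: a Python check over the header block quoted above (addresses de-obfuscated and the rule list trimmed, so the sample is constructed). It flags a message marked whitelisted despite scoring over the required threshold, and an envelope sender in the recipient's own domain, which is what a whitelist rule keyed on the local domain would match. The `prefix` parameter and the finding names are illustrative.

```python
import re
from email import message_from_string

# Constructed sample: headers quoted in the thread, "@" restored, rule list trimmed.
SAMPLE = """\
Return-path: <jason@syo.com>
Envelope-to: jason@syo.com
Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net)
        by sabrina.syo.com with esmtp (Exim 4.66)
        (envelope-from <jason@syo.com>)
From: "Jacob E. Henry" <bkmlu@starmobilesound.net>
To: jason@syo.com
Subject: Bright side
X-SYO-MailScanner-SpamCheck: not spam (whitelisted),
        SpamAssassin (not cached, score=34.194, required 3,
        autolearn=spam, BAYES_95 3.00, SPF_SOFTFAIL 0.60)
X-SYO-MailScanner-From: jason@syo.com

(body omitted)
"""

def domain(value):
    """Return the lower-cased domain of the first address in a header value."""
    m = re.search(r"@([\w.-]+)", value or "")
    return m.group(1).lower() if m else None

def audit(raw, prefix="X-SYO-MailScanner"):
    """Report why a delivered message deserves a look at the whitelist rules."""
    msg = message_from_string(raw)
    # Unfold the multi-line SpamCheck header into one line before matching.
    check = " ".join((msg.get(prefix + "-SpamCheck") or "").split())
    m = re.search(r"score=(-?[\d.]+), required (-?[\d.]+)", check)
    score, required = (float(m.group(1)), float(m.group(2))) if m else (None, None)
    env_from = msg.get(prefix + "-From") or msg.get("Return-path")
    findings = []
    # Marked whitelisted although SpamAssassin scored it at or above the threshold.
    if "whitelisted" in check and score is not None and score >= required:
        findings.append("whitelist-overrode-score")
    # Envelope sender claims the recipient's own domain (trivially forgeable).
    if domain(env_from) and domain(env_from) == domain(msg.get("Envelope-to")):
        findings.append("envelope-sender-in-recipient-domain")
    # Header From: and the envelope sender name different domains.
    if domain(msg.get("From")) != domain(env_from):
        findings.append("header-from-differs-from-envelope")
    return {"score": score, "required": required, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE))
```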


