Consistent SPAM messages getting through

Martin Hepworth maxsec at gmail.com
Mon Dec 15 16:38:32 GMT 2008


2008/12/15 Nasser Al-Zawawi <nassera at alz-inc.com>:
> Hi,
>
> I have RedHat ES 4 server running sendmail (8.13.1) and I am using the
> latest MailScanner version (4.73.4-2), ClamAV 0.94.2 and SpamAssassin
> 3.2.5.  Lately this kind of message has been getting through:
>
> It says it is coming from my email or an alias on my system and it is marked
> urgent the subject is something like: "Your order", "Re: Your order",
> "Delivery Status Notification", "Delivery Status Notification (Failure)".
> The content is a jpg picture of Viagra, CIALIS, LEVITRA and VPXL drugs.
>
> Here is the message html source:
>
> --------------
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>
> <HTML><HEAD>
>
> <META http-equiv=Content-Type content="text/html; charset=Windows-1252">
>
> </HEAD>
>
> <BODY><a href="http://couragedoctor.com/" target="_blank">
>
> <img src="http://couragedoctor.com/8dvs9.jpg" border=0 alt="Having trouble
> viewing this email?
>
> Click here to view as a webpage."></a></BODY></HTML>
>
> ---------
>
> and here is the Internet headers:
>
> ---------
>
> Return-Path: <sales at alz-inc.com>
>
> Received: from catv54033BF7.pool.t-online.hu (catv54033BF7.pool.t-online.hu
> [84.3.59.247])
>
>             by www.alz-inc.com (8.13.1/8.13.1) with SMTP id mBFEokoH025796
>
>             for <sales at alz-inc.com>; Mon, 15 Dec 2008 09:50:47 -0500
>
> Date: Mon, 15 Dec 2008 09:50:46 -0500
>
> From: Nasser Al-Zawawi <sales at alz-inc.com>
>
> Message-Id: <200812151450.mBFEokoH025796 at www.alz-inc.com>
>
> To: <sales at alz-inc.com>
>
> Subject: Re: Order status
>
> MIME-Version: 1.0
>
> Importance: High
>
> Content-Type: text/html
>
> X-alz-inc-MailScanner-Information: Please contact the ISP for more
> information
>
> X-alz-inc-MailScanner-ID: mBFEokoH025796
>
> X-alz-inc-MailScanner: Found to be clean
>
> X-alz-inc-MailScanner-From: sales at alz-inc.com
>
> X-Spam-Status: No
>
> Status: O
>
> X-UID: 455634
>
> Content-Length: 364
>
> X-Keywords:
>
> -----------
>
>
>
> They seem to come in patches of 4 (4 emails at a time).  I had it before I
> upgraded to the latest version and after upgrading.  I probably get about 80
> message of this type per day.  Other types of SPAMs seem to be under control
> but this type is getting though.  I appreciate any help with this problem.
>
>
>
> Best regards,
>
> Nasser
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


If you can post more than just the html source to a pastbin or web
page (ie full raw message, headers and everything) people can check
their setup and see what extra rules (like dcc/razor/SARE etc) hit.

-- 
Martin Hepworth
Oxford, UK


More information about the MailScanner mailing list