Consistent SPAM messages getting through

Mon Dec 15 16:50:55 GMT 2008

Have you whitelisted your own e-mail address or domain??  If so - then 
that is part of the problem.

Also - consider using some RBLs in your MTA:

[root at mail src]# host 84.3.59.247
247.59.3.84.in-addr.arpa domain name pointer catv54033BF7.pool.t-online.hu.
[root at mail src]# host 247.59.3.84.zen.spamhaus.org
247.59.3.84.zen.spamhaus.org has address 127.0.0.11
247.59.3.84.zen.spamhaus.org has address 127.0.0.4

The host that input this message was already listed in Spamhaus XBL and 
PBL lists.

Regards,
Steve.

Nasser Al-Zawawi wrote:
> Hi,
> 
> I have RedHat ES 4 server running sendmail (8.13.1) and I am using the 
> latest MailScanner version (4.73.4-2), ClamAV 0.94.2 and SpamAssassin 
> 3.2.5.  Lately this kind of message has been getting through:
> 
> It says it is coming from my email or an alias on my system and it is 
> marked urgent the subject is something like: “Your order”, “Re: Your 
> order”, “Delivery Status Notification”, “Delivery Status Notification 
> (Failure)”.  The content is a jpg picture of Viagra, CIALIS, LEVITRA and 
> VPXL drugs.
> 
> Here is the message html source:
> 
> --------------
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> 
> <HTML><HEAD>
> 
> <META http-equiv=Content-Type content="text/html; charset=Windows-1252">
> 
> </HEAD>
> 
> <BODY><a href="http://couragedoctor.com/" target="_blank">
> 
> <img src="http://couragedoctor.com/8dvs9.jpg" border=0 alt="Having 
> trouble viewing this email?
> 
> Click here to view as a webpage."></a></BODY></HTML>
> 
> ---------
> 
> and here is the Internet headers:
> 
> ---------
> 
> Return-Path: <sales at alz-inc.com>
> 
> Received: from catv54033BF7.pool.t-online.hu 
> (catv54033BF7.pool.t-online.hu [84.3.59.247])
> 
>             by www.alz-inc.com (8.13.1/8.13.1) with SMTP id mBFEokoH025796
> 
>             for <sales at alz-inc.com>; Mon, 15 Dec 2008 09:50:47 -0500
> 
> Date: Mon, 15 Dec 2008 09:50:46 -0500
> 
> From: Nasser Al-Zawawi <sales at alz-inc.com>
> 
> Message-Id: <200812151450.mBFEokoH025796 at www.alz-inc.com>
> 
> To: <sales at alz-inc.com>
> 
> Subject: Re: Order status
> 
> MIME-Version: 1.0
> 
> Importance: High
> 
> Content-Type: text/html
> 
> X-alz-inc-MailScanner-Information: Please contact the ISP for more 
> information
> 
> X-alz-inc-MailScanner-ID: mBFEokoH025796
> 
> X-alz-inc-MailScanner: Found to be clean
> 
> X-alz-inc-MailScanner-From: sales at alz-inc.com
> 
> X-Spam-Status: No
> 
> Status: O
> 
> X-UID: 455634
> 
> Content-Length: 364
> 
> X-Keywords:  
> 
> -----------
> 
>  
> 
> They seem to come in patches of 4 (4 emails at a time).  I had it before 
> I upgraded to the latest version and after upgrading.  I probably get 
> about 80 message of this type per day.  Other types of SPAMs seem to be 
> under control but this type is getting though.  I appreciate any help 
> with this problem.
> 
>  
> 
> Best regards,
> 
> 
> Nasser
> 
>  
> 