Big increase in spam

Martin Hepworth maxsec at gmail.com
Sat Nov 29 11:43:27 GMT 2008


2008/11/28 Arthur Stephens <astephens at ptera.net>:
> Hugo van der Kooij wrote:
>
>
> Arthur Stephens wrote:
>
>
> Is it just me or did spammers figure out a way to get around mail scanner?
> I used to not get any spam at all. But now so far today I have received 20
> to 30 so far.
> So I upgraded MailScanner - double checked config settings but they
> still keep coming.
>
>
> Well. What are the SA scores for those messages?
>
> My guess: Your SA database has been polluted so your SA score will stick
> around 50% and without other matches in SA that is usually not enough to
> be stopped.
>
> Hugo.
>
> - --
> hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> 	A: Yes.
> 	>Q: Are you sure?
> 	>>A: Because it reverses the logical flow of conversation.
> 	>>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> I am not in the office at the moment. Send any work to be translated.
>
>
> Here are a few from the message source... I have 190 of them this morning.
>
> X-Ptera-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
>     score=1.286, required 6, BAYES_50 0.00, HTML_90_100 0.11,
>     HTML_IMAGE_RATIO_02 0.46, HTML_MESSAGE 0.00,
>     MPART_ALT_DIFF_COUNT 0.71)
> X-Ptera-MailScanner-SpamScore: s
>
> X-Ptera-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
>     score=3.004, required 6, BAYES_50 0.00, HTML_MESSAGE 0.00,
>     MIME_HTML_MOSTLY 1.10, SUBJ_LIFE_INSURANCE 1.90)
> X-Ptera-MailScanner-SpamScore: sss
>
> X-Ptera-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
>     score=3.27, required 6, BAYES_50 0.00, HTML_90_100 0.11,
>     HTML_IMAGE_RATIO_02 0.46, HTML_MESSAGE 0.00,
>     REMOVE_BEFORE_LINK 2.69)
> X-Ptera-MailScanner-SpamScore: sss
>
> X-Ptera-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
>     score=-1.777, required 6, autolearn=not spam, BAYES_00 -2.60,
>     HTML_90_100 0.11, HTML_MESSAGE 0.00, MPART_ALT_DIFF_COUNT 0.71)
>
> X-Ptera-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
>     score=-1.777, required 6, autolearn=not spam, BAYES_00 -2.60,
>     HTML_90_100 0.11, HTML_MESSAGE 0.00, MPART_ALT_DIFF_COUNT 0.71)
>
> --
> Arthur Stephens
> Senior Sales Technician
> Ptera Wireless Internet Service
> PO Box 135
> Liberty Lake, WA 99019
> 509-927-7837
> For technical support visit http://www.ptera.net/support
>
>


Arthur

If you can post the full email (headers and all) to a web page or
pastebin, some people can then run them on their system and let you
know which rules they hit. I presume you've got razor/dcc and the SARE
rules set up? The sought.cf ruleset is very handy too and of course
don't forget to run sa-update regularly and keep SA itself updated
(current version is 3.2.5).

-- 
Martin Hepworth
Oxford, UK
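
One way to triage SpamCheck reports like the ones quoted in this thread, as an added example that is not part of either poster's message: it unfolds the headers, extracts the score, threshold and per-rule points, and tallies which BAYES_nn bucket each message hit. The function names are this example's own; the sample headers are copied from the quoted message.

```python
import re
from collections import Counter

# SpamCheck reports copied from the headers quoted in the thread above.
SAMPLE = """\
X-Ptera-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=1.286, required 6, BAYES_50 0.00, HTML_90_100 0.11,
    HTML_IMAGE_RATIO_02 0.46, HTML_MESSAGE 0.00,
    MPART_ALT_DIFF_COUNT 0.71)
X-Ptera-MailScanner-SpamScore: s
X-Ptera-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=3.004, required 6, BAYES_50 0.00, HTML_MESSAGE 0.00,
    MIME_HTML_MOSTLY 1.10, SUBJ_LIFE_INSURANCE 1.90)
X-Ptera-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=-1.777, required 6, autolearn=not spam, BAYES_00 -2.60,
    HTML_90_100 0.11, HTML_MESSAGE 0.00, MPART_ALT_DIFF_COUNT 0.71)
"""

HEADER = re.compile(r"^X-[\w-]*MailScanner-SpamCheck:", re.I)
RULE = re.compile(r"\b([A-Z][A-Z0-9_]+) (-?\d+(?:\.\d+)?)")

def unfold(text):
    """Join folded continuation lines (leading whitespace) onto their header."""
    out = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        elif line.strip():
            out.append(line.strip())
    return out

def parse_reports(text):
    """Return one dict per SpamCheck header: score, threshold, gap, rule hits."""
    reports = []
    for hdr in filter(HEADER.match, unfold(text)):
        score = float(re.search(r"score=(-?[\d.]+)", hdr).group(1))
        required = float(re.search(r"required (-?[\d.]+)", hdr).group(1))
        rules = {name: float(val) for name, val in RULE.findall(hdr)}
        reports.append({"score": score, "required": required,
                        "gap": required - score, "rules": rules})
    return reports

def bayes_buckets(reports):
    """Count which BAYES_nn rule each message hit (BAYES_50 means undecided)."""
    return Counter(r for rep in reports for r in rep["rules"] if r.startswith("BAYES_"))

if __name__ == "__main__":
    print(bayes_buckets(parse_reports(SAMPLE)))
```
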

