Forwarded spam is caught, original message is not

Scott Silva ssilva at
Thu Mar 5 17:52:38 GMT 2009

on 3-5-2009 9:21 AM Chris Barber spake the following:
>> A DNS timeout on the surbl hits could explain it. The first time the surbl list lookup comes in just at the timeout, then the forward hits >the cached lookup and is faster.
>> Do you quarantine all your messages? If so you could pull the original out and retest it. If it still doesn't hit, it is probably an >encoding issue, it it does, it is a DNS issue.
> Scott,
> Looks like it is not a DNS issue. I put the original and forwarded messages back through the server and I had the same results. The original message does not hit the URIBL rules (even if I put it through many times) and the forwarded one does. The only difference I can see is the encoding. The URL's in the original have some extra characters it seems. See my original post for the queue files and you can see what I mean. 
> Is this some new tactic that spammers are using to get around URL checking in the body of emails? How can I troubleshoot this further?
> Thanks,
> Chris
Can you pastebin an example somewhere so others can test it. That way we can
eliminate or implicate your systems configs or module versions.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url :

More information about the MailScanner mailing list