new spam getting through

Peter Ong peter.ong at hypermediasystems.com
Mon Dec 6 16:04:24 GMT 2010


To further test, here's what I did.

I created an empty text file. Pasted only the shortened urls in them. Then, I ran spamassassin on them:

I ran:
spamassassin -t < spam3.txt
spam3.txt is the text file I created with only the shortened urls inside.

------------=_4CFD0930.09ACA586
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

https://mail021.dti/zimbra/
http://goo.gl/m4PzL

------------=_4CFD0930.09ACA586--

Spam detection software, running on the system "gateway001.inf", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  [...]

Content analysis details:   (9.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 MISSING_MID            Missing Message-Id: header
 0.0 MISSING_DATE           Missing Date: header
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 2.5 MISSING_HB_SEP         Missing blank line between message header and body
 1.3 MISSING_HEADERS        Missing To: header
 2.2 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
 1.8 MISSING_SUBJECT        Missing Subject: header
 1.4 EMPTY_MESSAGE          Message appears to have no textual parts and no
                            Subject: text
-0.0 NO_RECEIVED            Informational: message has no Received headers
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers


----- Original Message -----

> From: "Peter Ong" <peter.ong at hypermediasystems.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Monday, December 6, 2010 7:58:26 AM
> Subject: Re: new spam getting through
> 
> Hey Mr. Steve, thanks for the plugins. I didn't thank you earlier.
> 
> So here's how the plugin is faring at my place:
> 
> 1. It appears to be working fine:
> [7443] dbg: config: read file
> /etc/mail/spamassassin/DecodeShortURLs.cf
> [7443] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::DecodeShortURLs from
> /etc/mail/spamassassin/DecodeShortURLs.pm
> [7443] dbg: plugin:
> Mail::SpamAssassin::Plugin::DecodeShortURLs=HASH(0xacc6f30) implements
> 'parsed_metadata', priority -1
> 
> 2. I still received spam, and it doesn't appear this was triggered at
> all:
> [root at me]# grep -c SHORT_U mail20101204
> 0
> [root at me]# grep -c SHORT_U mail20101205
> 0
> 
> I know those spams came through on these days through this server.
> 
> 3. This is the spamassassin I'm running.
> SpamAssassin version 3.2.5
>   running on Perl version 5.8.8
> 
> 4. cd /tmp/DecodeShortURLs
> du -hs DecodeShortURLs.txt
> 0       DecodeShortURLs.txt
> 
> I don't know what I'm missing. Can somebody help?
> 
> p


More information about the MailScanner mailing list