new spam getting through
Martin Hepworth
maxsec at gmail.com
Mon Dec 6 17:04:29 GMT 2010
well the SA is out of date, so update that and make sure it's using network
tests.
--
Martin Hepworth
Oxford, UK
On 6 December 2010 16:04, Peter Ong <peter.ong at hypermediasystems.com> wrote:
> To further test, here's what I did.
>
> I created an empty text file. Pasted only the shortened urls in them. Then,
> I ran spamassassin on them:
>
> I ran:
> spamassassin -t < spam3.txt
> spam3.txt is the text file I created with only the shortened urls inside.
>
> ------------=_4CFD0930.09ACA586
> Content-Type: message/rfc822; x-spam-type=original
> Content-Description: original message before SpamAssassin
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
>
> https://mail021.dti/zimbra/
> http://goo.gl/m4PzL
>
> ------------=_4CFD0930.09ACA586--
>
> Spam detection software, running on the system "gateway001.inf", has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email. If you have any questions, see
> the administrator of that system for details.
>
> Content preview: [...]
>
> Content analysis details: (9.2 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 0.0 MISSING_MID Missing Message-Id: header
> 0.0 MISSING_DATE Missing Date: header
> -0.0 NO_RELAYS Informational: message was not relayed via SMTP
> 2.5 MISSING_HB_SEP Missing blank line between message header and
> body
> 1.3 MISSING_HEADERS Missing To: header
> 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
> 1.8 MISSING_SUBJECT Missing Subject: header
> 1.4 EMPTY_MESSAGE Message appears to have no textual parts and no
> Subject: text
> -0.0 NO_RECEIVED Informational: message has no Received headers
> 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822
> headers
>
>
> ----- Original Message -----
>
> > From: "Peter Ong" <peter.ong at hypermediasystems.com>
> > To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > Sent: Monday, December 6, 2010 7:58:26 AM
> > Subject: Re: new spam getting through
> >
> > Hey Mr. Steve, thanks for the plugins. I didn't thank you earlier.
> >
> > So here's how the plugin is faring at my place:
> >
> > 1. It appears to be working fine:
> > [7443] dbg: config: read file
> > /etc/mail/spamassassin/DecodeShortURLs.cf
> > [7443] dbg: plugin: loading
> > Mail::SpamAssassin::Plugin::DecodeShortURLs from
> > /etc/mail/spamassassin/DecodeShortURLs.pm
> > [7443] dbg: plugin:
> > Mail::SpamAssassin::Plugin::DecodeShortURLs=HASH(0xacc6f30) implements
> > 'parsed_metadata', priority -1
> >
> > 2. I still received spam, and it doesn't appear this was triggered at
> > all:
> > [root at me]# grep -c SHORT_U mail20101204
> > 0
> > [root at me]# grep -c SHORT_U mail20101205
> > 0
> >
> > I know those spams came through on these days through this server.
> >
> > 3. This is the spamassassin I'm running.
> > SpamAssassin version 3.2.5
> > running on Perl version 5.8.8
> >
> > 4. cd /tmp/DecodeShortURLs
> > du -hs DecodeShortURLs.txt
> > 0 DecodeShortURLs.txt
> >
> > I don't know what I'm missing. Can somebody help?
> >
> > p
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101206/3f3190f8/attachment.html
More information about the MailScanner
mailing list