Spam passes through w/o activating any rules.
Posted: 29 May 2008, 07:50
Hi,
I am not sure it's the right forum, but lately I am getting a high volume of spam which passes through MailScanner like a wind through a desert.
Almost all mails are treated correctly. MS, SA and clam work like a charm, but there's a small count of mails (compared to the whole mail count) which seem to bypass all checking.
All of them don't have a sender, are short and don't trigger any SA rule. Even if I raise the SA rule for HTML mails to 0.4, those which are formatted in HTML don't trigger any action.
Do you have any idea what to do?
Best,
Piotr
Below is one of those messages, and after it I put the exim_mail log:
==================================
From - Thu May 29 07:26:07 2008
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path: <>
Envelope-to: JOE@MYEMAIL.COM
Delivery-date: Thu, 29 May 2008 06:51:15 +0200
Received: from 84.120.161.199.dyn.user.ono.com ([84.120.161.199])
by MY.SERVER.COM with smtp (Exim 4.68)
id 1K1a6b-0006ny-Cr
for JOE@MYEMAIL.COM; Thu, 29 May 2008 06:51:13 +0200
Received: from [84.120.161.199] (port= helo=84.120.161.199.dyn.user.ono.com)
by email.com with esmtp
id --
for JOE@MYEMAIL.COM; Thu, 29 May 2008 06:51:01 +0100
Message-ID: <483E3635.7070509@MYEMAIL.COM>
Date: Thu, 29 May 2008 06:51:01 +0100
From: "Erwin" <>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: "Pat" <JOE@MYEMAIL.COM>
Subject: {Spam?} Really win casino
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spero-MailScanner-Information: Please contact the ISP for more information
X-MailScanner-ID: 1K1a6b-0006ny-Cr
X-Spero-MailScanner: No Virus Found.
X-Spero-MailScanner-SpamCheck: spam(no watermark or sender address)
X-Spero-MailScanner-From:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Win, win, win with us - really casino <A HREF="http://mexx-style.cn/">http://mexx-style.cn/</A>
</body>
</html>
====================================
main_exim log:
2008-05-29 06:51:12 H=84.120.161.199.dyn.user.ono.com [84.120.161.199] Warning: Sender rate 0.0 / 1h
2008-05-29 06:51:13 1K1a6b-0006ny-Cr <= <> H=84.120.161.199.dyn.user.ono.com [84.120.161.199] P=smtp S=895 id=483E3635.7070509@MYEMAIL.COM T="Really win casino"
2008-05-29 06:51:15 cwd=/var/spool/MailScanner/incoming/3913 5 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1K1a6b-0006ny-Cr
2008-05-29 06:51:15 1K1a6b-0006ny-Cr => JOE <JOE@MYEMAIL.COM> R=virtual_user T=virtual_userdelivery
2008-05-29 06:51:15 1K1a6b-0006ny-Cr Completed
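A triage sketch for the symptom described in the post, added here as an example and not part of the original post: it pulls null-sender (<= <>) arrivals out of Exim main-log lines and lists why such a message does not look like a genuine bounce. The function names and the heuristics are assumptions; the sample log lines and headers are copied from the post, with the Received lines and the body left out.

```python
import re
from email import message_from_string

# Exim main-log arrival line: "<date> <time> <exim-id> <= <sender> ... [<ip>] ..."
ARRIVAL = re.compile(r'^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) .*?\[(?P<ip>[^\]]+)\]')

def null_sender_arrivals(log_lines):
    """Map Exim message id -> remote IP for mail accepted with envelope sender <>."""
    return {m['id']: m['ip'] for m in map(ARRIVAL.match, log_lines)
            if m and m['sender'] == '<>'}

def addr_of(header_value):
    """Address inside <...>, or the bare value when there are no angle brackets."""
    m = re.search(r'<([^>]*)>', header_value)
    return (m.group(1) if m else header_value).strip()

def triage(raw_message):
    """Reasons a null-sender message does not look like a genuine bounce (heuristic)."""
    msg = message_from_string(raw_message)
    rp = msg.get('Return-path')
    if rp is None or addr_of(rp):
        return []                      # no null envelope sender recorded: out of scope
    reasons = ['null envelope sender']
    if not addr_of(msg.get('From', '')):
        reasons.append('From header has no address')
    # RFC 3464 delivery status notifications are multipart/report.
    if msg.get_content_type() != 'multipart/report':
        reasons.append('not multipart/report: ' + msg.get_content_type())
    if msg.get('User-Agent') or msg.get('X-Mailer'):
        reasons.append('sent by a mail client, not an MTA')
    return reasons

# Constructed samples: lines and headers copied from the post above.
SAMPLE_LOG = [
    '2008-05-29 06:51:12 H=84.120.161.199.dyn.user.ono.com [84.120.161.199] Warning: Sender rate 0.0 / 1h',
    '2008-05-29 06:51:13 1K1a6b-0006ny-Cr <= <> H=84.120.161.199.dyn.user.ono.com [84.120.161.199] P=smtp S=895 id=483E3635.7070509@MYEMAIL.COM T="Really win casino"',
    '2008-05-29 06:51:15 1K1a6b-0006ny-Cr => JOE <JOE@MYEMAIL.COM> R=virtual_user T=virtual_userdelivery',
]
SAMPLE_MSG = (
    'Return-path: <>\n'
    'From: "Erwin" <>\n'
    'User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)\n'
    'Subject: {Spam?} Really win casino\n'
    'Content-Type: text/html; charset=ISO-8859-1\n'
    '\n(body omitted)\n'
)

if __name__ == '__main__':
    print(null_sender_arrivals(SAMPLE_LOG), triage(SAMPLE_MSG))
```

The multipart/report test is only a heuristic: some older MTAs send plain-text bounces, so the reasons are better used for scoring or review than for outright rejection.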