I just figured out why SPAMCOP(DYNA) didn't hit...it's because the
sender forged a local address as the Mail From and it appears that this
is what you are using as a trip to turn off DUL tests. Please allow
those of us on IMail 8.x with WHITELIST AUTH to turn this feature off.
There was an old discussion about this, but clearly this is causing
problems since it is being exploited. In fact this severely weakens my
system for hosted accounts, and unfortunately I wasn't aware of how big
the issue was until now.
Thanks,
Matt
Matt wrote:
Scott,
I have a filter for the following that isn't getting hit:
BODY 4 ISBLANK
SUBJECT 2 ISBLANK
For some reason IMail consistently delivers messages from broken
spamware, and those filters seem like the best way to add points to the
message. Here's an example:
Received: from p508B2C3C.dip.t-dialin.net
[80.139.44.60] by mx3.mailpure.com
(SMTPD32-8.05) id AAA6127301CC; Tue, 11 May 2004 09:52:38 -0400
Received: from h[8
Subject: [16]
X-MailPure:
================================================================
X-MailPure: SPAMCOP(ALL): Failed, listed in bl.spamcop.net (weight 2).
X-MailPure: FIVETEN-SPAM: Failed, listed in blackholes.five-ten-sg.com
(weight 1).
X-MailPure: BRINKPATTERN: Failed, BRINK pattern found (weight 1).
X-MailPure: BADHEADERS: Failed, headers not RFC compliant [8c200001]
(weight 4).
X-MailPure: CMDSPACE: Failed, improperly formatted SMTP commands
(weight 3).
X-MailPure: FORGEDFROM: Message failed FORGEDFROM test (weight 2).
X-MailPure: FOREIGN: Message failed FOREIGN test (line 1432, weight 3)
(weight capped at 3).
X-MailPure: RECIPIENTS: <hidden>
X-MailPure:
================================================================
X-MailPure: Spam Score: 16
X-MailPure: Scan Time: 09:52:44 on 05/11/2004
X-MailPure: Spool File: Ddaa6127301cc364a.SMD
X-MailPure: Server Name: p508B2C3C.dip.t-dialin.net
X-MailPure: SMTP Sender: hidden
X-MailPure: Received From: p508B2C3C.dip.t-dialin.net
[80.139.44.60]
X-MailPure: Country Chain: GERMANY->destination
X-MailPure:
================================================================
X-MailPure: Spam and virus blocking services provided by MailPure.com
X-MailPure:
================================================================
They always look like this, and while these account for about 2.5% of
my hold file, many more are scoring higher and unfortunately some of
these are also passing.
Also note that I have no idea why SPAMCOP(ALL) failed and SPAMCOP(DYNA)
didn't fail considering that there is only one IP shown, but that's
another issue.
Thanks,
Matt
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
|
