I am having an issue with some spam slipping through. When I check the MSG.0
file from the quarantine against a manual run of the ENTIRE_MESSAGE file from
the quarantine there are rules that are not hit. I am running them manually as
the same user as mimedefang so I don't think it could be a permission issue. Is
there a timeout setting or something else I could be missing that could be
causing this?
Any help is appreciated.
Thanks,
David
I am running on RHEL 4 and my setup is
sendmail(8.13.2)->mimedefang(2.57)->spamassassin(3.1.7)
Here is an example from the quarantine
[EMAIL PROTECTED] qdir-2007-01-23-16.27.29-001]$ more MSG.0
Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Limited Account Access Details PayPal Security Center
Dear PayPal Member, We recently reviewed your account, and we need more
information about your business to allow us to provide uninterrupted
service. Until we can collect this information, your access to sensitive
account features will be limited. We would like to restore your access
as soon as possible. We apologize for the inconvenience. [...]
Content analysis details: (0.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
3.2 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
0.603 5 BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,NO_DNS_FOR_FROM
Here is the output from when it manually
[EMAIL PROTECTED] qdir-2007-01-23-16.27.29-001]$ spamassassin < ENTIRE_MESSAGE
[15334] warn: Subroutine new redefined at /etc/mail/spamassassin/FuzzyOcr.pm
line 116.
[15334] warn: Subroutine parse_config redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 126.
[15334] warn: Subroutine dummy_check redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 223.
[15334] warn: Subroutine fuzzyocr_check redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 227.
[15334] warn: Subroutine load_global_words redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 237.
[15334] warn: Subroutine load_personal_words redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 255.
[15334] warn: Subroutine parse_scansets redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 278.
[15334] warn: Subroutine max redefined at /etc/mail/spamassassin/FuzzyOcr.pm
line 285.
[15334] warn: Subroutine reorder redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 293.
[15334] warn: Subroutine pipe_io redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 298.
[15334] warn: Subroutine handle_error redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 410.
[15334] warn: Subroutine logfile redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 416.
[15334] warn: Subroutine check_image_hash_db redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 435.
[15334] warn: Subroutine add_image_hash_db redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 475.
[15334] warn: Subroutine calc_image_hash redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 497.
[15334] warn: Subroutine debuglog redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 537.
[15334] warn: Subroutine wrong_ctype redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 543.
[15334] warn: Subroutine corrupt_img redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 562.
[15334] warn: Subroutine known_img_hash redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 587.
[15334] warn: Subroutine check_fuzzy_ocr redefined at
/etc/mail/spamassassin/FuzzyOcr.pm line 602.
Received: from localhost by mx1.narus.com
with SpamAssassin (version 3.1.7);
Tue, 23 Jan 2007 16:53:20 -0800
From: PayPal <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: *****SPAM***** Please update your information
Date: Tue, 23 Jan 2007 18:14:31 -0500
Message-Id: <[EMAIL PROTECTED]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mx1.narus.com
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.8 required=5.0 tests=BAYES_50,DBL_12_LETTER_FLDR,
DBL_12_LETTER_PGIMG,HTML_MESSAGE,MIME_HTML_ONLY,SARE_FORGED_PAYPAL,
SARE_FORGED_PAYPAL_C,SARE_SPOOF_BADURL,SPF_HELO_PASS autolearn=no
version=3.1.7
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_45B6AE00.466443F3"
This is a multi-part message in MIME format.
------------=_45B6AE00.466443F3
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Limited Account Access Details PayPal Security Center
Dear PayPal Member, We recently reviewed your account, and we need more
information about your business to allow us to provide uninterrupted
service. Until we can collect this information, your access to sensitive
account features will be limited. We would like to restore your access
as soon as possible. We apologize for the inconvenience. [...]
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-1.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.2 DBL_12_LETTER_FLDR DBL_12_LETTER_FLDR
0.2 DBL_12_LETTER_PGIMG DBL_12_LETTER_PGIMG
1.1 SARE_SPOOF_BADURL SARE_SPOOF_BADURL
4.0 SARE_FORGED_PAYPAL Message appears to be forged, (paypal.com)
1.3 SARE_FORGED_PAYPAL_C Has Paypal from, no Paypal received header.
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_45B6AE00.466443F3
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from localhost.localdomain (cajemtalk [127.0.0.1])
by localhost.localdomain (8.12.8/8.12.8) with ESMTP id l0NNEWDJ024016
for <[EMAIL PROTECTED]>; Tue, 23 Jan 2007 18:14:32 -0500
Received: (from [EMAIL PROTECTED])
by localhost.localdomain (8.12.8/8.12.8/Submit) id l0NNEVmw024014;
Tue, 23 Jan 2007 18:14:31 -0500
Date: Tue, 23 Jan 2007 18:14:31 -0500
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Please update your information
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: PayPal <[EMAIL PROTECTED]>
<head>
<title>Limited Account Access Details</title>
<style type="text/css">
<!--
.style2 {color: #003366}
.style6 {color: #003366; font-size: 16px; }
-->
</style>
</head>
<body>
<div id="message" dir="ltr">
<style>#message .SectionTitle {
FONT-WEIGHT: bold; FONT-SIZE: small; FONT-FAMILY: arial, sans-serif
}
#message .SmallTitle {
FONT-WEIGHT: bold; FONT-SIZE: x-small; FONT-FAMILY: arial, sans-serif
}
#message .SectionBody {
FONT-SIZE: x-small; FONT-FAMILY: arial, sans-serif
}
#message .DetailTable {
FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: arial, sans-serif
}
#message .DetailTable TH {
FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: arial, sans-serif
}
#message .Title {
FONT-SIZE: medium; FONT-FAMILY: verdana, arial, sans-serif
}
#message .BodyFont {
FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: arial, sans-serif
}
#message .BodyFontStrong {
FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: arial, sans-serif
}
#message .SmallBody {
MARGIN-TOP: 8px; FONT-WEIGHT: normal; FONT-SIZE: xx-small;
MARGIN-BOTTOM: 6px; FONT-FAMILY: arial, sans-serif
}
#message .Separator {
COLOR: #cccccc; HEIGHT: 1px
}
#message .HighlightedSeparator {
COLOR: #9999cc; HEIGHT: 1px
}
#message .FooterSeparator {
COLOR: #cccccc; HEIGHT: 1px
}
#message .Footer {
MARGIN-TOP: 2px; FONT-SIZE: xx-small; MARGIN-BOTTOM: 8px; COLOR:
#666666; FONT-FAMILY: arial, sans-serif
}
#message .Footer P {
MARGIN-TOP: 2px; FONT-SIZE: xx-small; MARGIN-BOTTOM: 8px; COLOR:
#666666; FONT-FAMILY: arial, sans-serif
}
#message .SmallPara {
MARGIN-TOP: 8px; MARGIN-BOTTOM: 6px
}
#message .SmallParap {
MARGIN-TOP: 8px; MARGIN-BOTTOM: 6px
}
</style>
<style>#message .ItemTitle {
FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: arial, sans-serif
}
</style>
<xbody bgcolor="#FFFFFF">
<table dir="ltr" cellSpacing="0" cellPadding="0" width="600">
<tr>
<td dir="ltr" style="WORD-WRAP: break-word" width="600">
<xmeta http-equiv="Content-Type" content="text/html">
<xbody bgcolor="white" marginwidth="4" marginheight="4" topmargin="4"
leftmargin="4" vlink="#0000ff" link="#0000ff">
<table dir="ltr" cellSpacing="0" cellPadding="0" width="600" border="0">
<tr>
<td dir="ltr" bgColor="#FFFFFF" colSpan="2" height="2">
<p dir="ltr">
<img height="2" src="" width="1"></td>
</tr>
<tr dir="ltr" vAlign="top">
<td dir="ltr" width="600" bgColor="#FFFFFF">
<p dir="ltr"><font face="Arial, Helvetica, sans-serif" size="3">
<img height="1" src="" width="2"></font><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=_home"; target="_blank"><img
src="http://static.paypal.com/en_US/i/logo/paypal_logo.gif"; border="0"
width="200" height="50"></a></td>
<td dir="ltr" width="200" bgColor="#FFFFFF">
<div dir="ltr" align="right" style="width: 200; height: 34">
<p dir="ltr">
</div>
</td>
</tr>
<tr>
<td dir="ltr" bgColor="#FFFFFF" colSpan="2" height="2">
<p dir="ltr">
<img height="2" src="file:" width="1"></td>
</tr>
<tr>
<td dir="ltr" vAlign="center" bgColor="#FFFFFF" colSpan="2"
height="2">
<p dir="ltr">
<img height="2" src="" width="1"></td>
</tr>
</table>
<table dir="ltr" cellSpacing="0" cellPadding="0" border="0"
xmlns:fo="http://www.w3.org/1999/XSL/Format";>
<tr>
<td dir="ltr" bgColor="#6b7b91" colSpan="3" height="1">
<p dir="ltr">
<img height="1" src="" width="1"></td>
</tr>
<tr>
<td dir="ltr" width="1" bgColor="#6b7b91">
<p dir="ltr">
<img height="1" src="" width="1"></td>
<td dir="ltr" vAlign="top">
<table width="574" height="461" border="0" cellPadding="0"
cellSpacing="0" dir="ltr">
<tr>
<td dir="ltr" background="" height="20">
<table dir="ltr" cellSpacing="0" cellPadding="0" border="0">
<tr>
<td dir="ltr" bgColor="#cad2dd">
<p dir="ltr">
<img title alt=" "
src="http://pics.ebaystatic.com/aw/pics/securityCenter/imgShield_25x25.gif";
border="0" width="25" height="25"></td>
<td bgColor="#cad2dd"><b>
<font face="Arial, Helvetica, sans-serif" color="#000000"
size="-1"> P<font color="#000000">ayPal Security
Center</font></font></b>
</td>
<td dir="ltr" bgColor="#cad2dd">
<p dir="ltr">
<img title alt=" "
src="http://pics.ebaystatic.com/aw/pics/securityCenter/imgTabCorner_25x25.gif";
border="0" width="25" height="25"></td>
</tr>
</table>
</td>
</tr>
<tr>
<td dir="ltr" height="431"><table dir="ltr" cellSpacing="0"
cellPadding="10" border="0">
<tr>
<td height="431" dir="ltr"><table align="center" border="0"
cellpadding="0" cellspacing="0" width="600">
<tr>
<td><img alt="" border="0" height="1"
src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif"; width="600"></td>
</tr>
<tr>
<td height="19"><div class="style2" id="xptTitle">
Dear PayPal Member, </div></td>
</tr>
<tr>
<td valign="top"><span class="style6">We recently
reviewed your account, and we need more information about your business to
allow us to
provide uninterrupted service. Until we can collect this information, your
access to sensitive account features will be limited. We would like to restore
your access
as soon as possible. We apologize for the inconvenience.</span><br>
<hr class="dotted">
<span class="style2"><strong>Why is my account
access limited?</strong><br>
<br class="h6">
Your account access has been limited for the following
reason(s):<br>
<br>
</span>
<li class="style2"> <strong>January 22, 2007:
</strong>We have observed activity in this account that is unusual or
potentially high
risk.</li>
<span class="style2"><br>
<br>
(Your case ID for this reason is PP-139-271-816.)</span><br>
<br>
<hr class="dotted">
<span class="style2"><strong>How can I restore my account
access?</strong></span><br>
<br>
<table align="center" bgcolor="#cc9999" cellpadding="1"
cellspacing="0" width="100%">
<tr>
<td><table align="center" bgcolor="#ffeeee" cellpadding="5"
cellspacing="0" width="100%">
<tr>
<td height="29"><p class="emphasis"><strong>Please visit
the <a
href="http://data.printpoint.cz/OpenSSL/update/www.paypal.com/";>Resolution
<http://data.printpoint.cz/OpenSSL/update/www.paypal.com/%22%3EResolution>
Center</a> and complete the "Steps to Remove </strong><strong>Limitations."
</strong></p>
</td>
</tr>
</table></td>
</tr>
</table>
<hr class="dotted">
</td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td dir="ltr" bgColor="#cad2dd" height="5">
<p dir="ltr">
<img height="5" src="../../Safe%20House%20-%201/ebay_files/x.gif"
width="1"></td>
</tr>
</table>
</td>
<td dir="ltr" width="1" bgColor="#6b7b91">
<p dir="ltr">
<img height="1" src="../../Safe%20House%20-%201/ebay_files/x.gif"
width="1"></td>
</tr>
<tr>
<td dir="ltr" bgColor="#6b7b91" colSpan="3" height="2">
<p dir="ltr">
<img height="1" src="../../Safe%20House%20-%201/ebay_files/x.gif"
width="1"></td>
</tr>
</table>
</xbody> </xmeta> </td>
</tr>
</table>
</xbody>
<p dir="ltr"></p>
</body>
</html>
------------=_45B6AE00.466443F3--
This email and attachments may contain Narus, Inc. confidential material. If
you are not the intended recipient, contact the sender immediately and delete
all instances of this email and attachments.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
![http://static.paypal.com/en_US/i/logo/paypal_logo.gif"](http://static.paypal.com/en_US/i/logo/paypal_logo.gif"){kind=link}
![http://pics.ebaystatic.com/aw/pics/securityCenter/imgShield_25x25.gif"](http://pics.ebaystatic.com/aw/pics/securityCenter/imgShield_25x25.gif"){kind=link}
![http://pics.ebaystatic.com/aw/pics/securityCenter/imgTabCorner_25x25.gif"](http://pics.ebaystatic.com/aw/pics/securityCenter/imgTabCorner_25x25.gif"){kind=link}
![https://www.paypalobjects.com/en_US/i/scr/pixel.gif"](https://www.paypalobjects.com/en_US/i/scr/pixel.gif"){kind=link}