Hello all,
Our spam system which is qmailtoaster based, running on FC5 is working
really well. However we have just added a new domain to it, and one of the
users is getting a large amount of untagged spam. At least for our system
it is a large amount. Roughly 10 to 15% of the spam is coming through
untagged.
I asked him to forward me some of them for review so I could check the
headers and see what the system was doing. First strange thing was that
mailing directly to me, detected them as spam correctly. When I check the
headers of the forwarded (as attachments) mail, they are incorrect.
Below is on of the mails "headers", it seems to be text from the body of the
mail. Most of the missed ones are like this.
AziaTxFwMGAXY9Y4DdrCo0rlLfYya1wB19K5whWZGbJrtfTa
0b0G1FvM4tBO18oAIXn1rV84WbaKpU5S4cSpXFCsEMcqMrfuEVpSDWvKrDpXrN5sDv8hkUtEzHG4
ZDJtTXmylQycdjeKlIGaX+PSnG6xmjbFLQt/HZofEiqIvz4hq70Nm25r6rPhZs1rWFAt4tSUPrsd
kbFhmOyieGtQvFHXZ49S22qvu6XkvjahMyiJr2w1XM/+yrmjBEHpjuG79zEvOzWoDz1coTtL9OIc
m7geL453S0+kDnaiGKUbKJeN9VIIcxuYQ/e0qz1YLDgc12ufftd3PgonzxuesPAmstHIgHTPIJpj
ByqfEIvmUSgZ+GAvhslXh1TNysSNDJ/yEKZeZDxDjrM81eb4e+LKwTfEgngvh/Gbi5jQo1Y/TsoV
L7I/j0xliT8RVZOhLL8M2s/KVF7/IgQ5sksMY3mEMgvrQlGoy5zEh3gnzLIbQPfln+hwhG1eCQLF
Emdk1NkrWE7zWlaYZMM89mVvVowPjUiZLb5kAn8J9EwUzZEV4rB/SBNJDKny0SPq5s1XrLQXlQhp
LiqEtZymYhSTIz9Du8RX81vyqGsbaQ/eDIoEdGJf/ufCvbRnRGAMxCJzGSEXISN+o7wDd24QIvIQ
U0dqDPZ/ej3sXB47d7/4z1AxaTr5DBtAv/MkZkgJDWjfUhLzqE+zB/HK9SQ7kR9KZbQV4Z9SAkgH
8sV2OX75HefAyNJXmAddftyd322oq+ojY4ReGR4GKSEQmMqkjCoAnFXsW0C7XJGB/+BIyhoCFlNI
YmefHoqxwICaTrMdQj3rhN5zCTSyeFLmkNxppnj+k4mMHblwt7ly2L4gU3vCl52GsHO38eK6L5BB
lr5wJblIitXeOnq7BBSb7nYTsDATTTPxJKvDgMHlRmA62dr5GNAsKwalumm1aNpxmtwWXhF1FVAF
BripxWsLSKXrSzH7azC82Jo+izvdQypUMzCV7dyiu9X2/tyn5h1Vd28rtdIlq2xV9alrFYMIc/Wr
QeGEWJQVDLaG8nhhdX23HsBPIlX215L99S+lWGzPQs7V1ezU5GTKmQ3g8ViYcZ1dASOs2MRs99oT
/uK6v9rHVENpwd/+96fPAtpMH//kfumRYxo7WN22bpfk3xwZJ2qV2ow9jp5qPhQzeqjRuEqgfAG3
NEorbXitz3
Here is another one, which is partial, but missing loads..
ODY: 3alpha-pock-3alpha
0.6 J_CHICKENPOX_54 BODY: 5alpha-pock-4alpha
0.6 J_CHICKENPOX_71 BODY: 7alpha-pock-1alpha
0.6 J_CHICKENPOX_52 BODY: 5alpha-pock-2alpha
0.6 J_CHICKENPOX_13 BODY: 1alpha-pock-3alpha
0.8 J_CHICKENPOX_24 BODY: 2alpha-pock-4alpha
0.6 J_CHICKENPOX_28 BODY: 2alpha-pock-8alpha
0.6 J_CHICKENPOX_82 BODY: 8alpha-pock-2alpha
0.6 J_CHICKENPOX_25 BODY: 2alpha-pock-5alpha
0.6 J_CHICKENPOX_74 BODY: 7alpha-pock-4alpha
0.6 J_CHICKENPOX_23 BODY: 2alpha-pock-3alpha
0.6 J_CHICKENPOX_81 BODY: 8alpha-pock-1alpha
0.6 J_CHICKENPOX_44 BODY: 4alpha-pock-4alpha
0.6 J_CHICKENPOX_53 BODY: 5alpha-pock-3alpha
0.6 J_CHICKENPOX_26 BODY: 2alpha-pock-6alpha
0.6 J_CHICKENPOX_31 BODY: 3alpha-pock-1alpha
0.6 J_CHICKENPOX_73 BODY: 7alpha-pock-3alpha
0.6 J_CHICKENPOX_35 BODY: 3alpha-pock-5alpha
1.8 TVD_FW_GRAPHIC_NAME_LONG BODY: TVD_FW_GRAPHIC_NAME_LONG
2.8 TVD_FW_GRAPHIC_ID1 BODY: TVD_FW_GRAPHIC_ID1
1.2 TVD_FW_GRAPHIC_NAME_MID BODY: TVD_FW_GRAPHIC_NAME_MID
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 SARE_GIF_ATTACH FULL: Email has a inline gif
1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 co
It starts and ends exactly as above. I've not seen this on our system
before. The only thing I can think is they have an exchange server which
possibly is doing something to the headers, but this doesn't explain why
spamassassin isn't tagging these very obvious spams, aimed at this user, but
it tags them when mailed to me? All our accounts are on the same server.
Sorry for the long mail, this is a strange one, for me at least anyway.
Thanks
-------------------------------------------------------
Craig Smith - Systems Engineer - Doctor Net
t. 0870 770 4990 - f. 0870 770 4991
Visit www.doc-net.com - let us be your key to success
Visit www.eMailCampaigner.com - close sales cheaper and faster
Visit www.SprintCRM.com - understand your customers better and increase
sales
-------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. If you received this in error, please contact the sender and
delete the material.
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
