Dan,
Note the order of the header lines. There are two groups of "Received" lines
(read: forged headers), separated by some other stuff, including that telltale
"X-Message-Info". You could add the rule that looks for that field; it was
published on this list a few days ago.
Otherwise there is a blacklisted relay in the chain. Here's the scoring I got
on the header:
Content analysis details: (9.0 points, 6.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
4.0 RM_MessageInfo X-Message-Info header found
0.0 BAYES_50 BODY: Bayesian spam probability is 50 to 56%
[score: 0.5007]
2.5 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=203.168.225.198>]
2.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?203.168.225.198>]
regards,
Pierre Thomson
BIC
-----Original Message-----
From: Dan Didier [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 27, 2004 8:03 AM
To: Spam Assassin List
Subject: Email sometimes not tagged as SPAM
Hi,
I am running SA 2.63 on a redhat 7.3 box with qmail-scanner 1.21. It
seems to be working most of the time, but check out this header, this
mail was not tagged. Anyone have any ideas?
Thanks,
Dan
Microsoft Mail Internet Headers Version 2.0
Received: from mapci-mailer-02.mapolce.com ([172.29.128.239]) by
map2kex.MAPCI.com with Microsoft SMTPSVC(5.0.2195.6713);
Wed, 26 May 2004 22:13:15 -0400
Received: (qmail 29742 invoked by uid 512); 27 May 2004 02:13:32 -0000
Received: from [EMAIL PROTECTED] by MAPCI-MAILER-02 by uid 504 with
qmail-scanner-1.21st
(clamscan: 0.70-rc. spamassassin: 2.63.
Clear:RC:0(203.168.225.198):SA:0(-85.8/5.2):.
Processed in 15.305462 secs); 27 May 2004 02:13:32 -0000
X-Spam-Status: No, hits=-85.8 required=5.2
X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via MAPCI-MAILER-02
X-Qmail-Scanner: 1.21st (Clear:RC:0(203.168.225.198):SA:0(-85.8/5.2):.
Processed in 15.305462 secs)
Received: from unknown (HELO cm203-168-225-198.hkcable.com.hk)
(203.168.225.198)
by 0 with SMTP; 27 May 2004 02:13:16 -0000
X-Message-Info: XKXVjXV75nEHlCh697o1+PRXTc6fJBVM
Received: from mail255.wia.optusnet.com.au ([0.32.106.19]) by
dw65-x3.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);
Fri, 28 May 2004 23:46:27 -0200
Received: from KSKR99 (g253.112.89.74.cntcu2.aog.optusnet.com.au
[182.154.112.86])
by mail808.fzr.optusnet.com.au (78.01.8h5/0.73.6) with SMTP id
f5X30Rg48670;
Sat, 29 May 2004 03:51:27 +0200
Message-ID: <[EMAIL PROTECTED]>
From: "Erik Lyles" <[EMAIL PROTECTED]>
To: "Dan" <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Subject: Hi Dan
Date: Fri, 28 May 2004 20:53:27 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--91217396134506812"
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
MAPCI-MAILER-02
X-Spam-Level:
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 27 May 2004 02:13:15.0390 (UTC)
FILETIME=[2B4AF1E0:01C44390]
----91217396134506812
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
----91217396134506812--
