Hey guys,
I've gotten sick of inconsistent spam filtering between different email
clients, so I decided to give the OIT server-based Junk Mail Analyzer a try
(http://www.helpdesk.umd.edu/documents/4/4383/).
I signed up for it and tweaked the settings. I started to look at the headers
of my email, and it seems to be checked by TWO different anti-spam programs.
For example, the headers of a recent spam contained:
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=8.8 required=5.0 tests=DATE_IN_PAST_06_12,
HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,HTML_60_70,HTML_MESSAGE,
INFO_TLD autolearn=disabled version=3.0.4
X-Spam-Report:
* 2.8 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
* 3.5 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP
addr 1)
* 0.3 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
* 1.7 INFO_TLD URI: Contains an URL in the INFO top-level domain
* 0.5 HTML_60_70 BODY: Message is 60% to 70% HTML
* 0.0 HTML_MESSAGE BODY: HTML included in message
X-Spam-Level: ********
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mailfw2.umd.edu
X-Junkmail: UCE(300)
X-Junkmail-Status: score=300/50, host=po1.mail.umd.edu
X-Junkmail-SD-Raw: score=confirmed,
refid=str=0001.0A090205.45866167.0031,ss=4,sh,pt=6420,fgs=0,
ip=128.8.70.17,
so=2006-05-09 23:27:51,
dmn=5.2.125/2006-10-10
The X-Spam headers seem to come from the Junk Mail Analyzer (since the OIT web
site indicates that it is based on SpamAssassin). But what is the source of
the X-Junkmail headers???
Can anyone tell me what this second anti-spam program is, and where it is
running?
Dan
