[Mimedefang] Quarantine notifications getting quarantined?

Rich Stanton rich at m064.md.uwcm.ac.uk
Tue Dec 30 16:46:02 EST 2003


> -----Original Message-----
> From: David F. Skoll [mailto:dfs at roaringpenguin.com]
> Sent: 29 December 2003 21:35
> To: mimedefang at lists.roaringpenguin.com
> Subject: Re: [Mimedefang] Quarantine notifications getting quarantined?
> 
> I'd be interested in seeing the SA scores to know why the quarantine
> messages
> got quarantined.
> 
> Regards,
> 
> David.

I'd be interested in knowing why they were quarantined too - in the maillogs
the first quarantined-quarantine I looked at had a score of 5.401.  I
unquarantined it, saved it as a text file in outlook, copied it over to the
linux mailserver & ran 'spamassassin < mail.txt > output.txt' (having
temporarily removed my mailserver from my spamassassin whitelist).  Weirdly
it actually gave a higher score this time (although spamassassin did have to
create user prefs - I don't know if this will have effected anything; also,
I don't know if it may have effected things that the mail was in windows
text format rather than linux?).  Here's the full output:


Received: from localhost [127.0.0.1] by xxxx.ac.uk
	with SpamAssassin (2.61 1.212.2.1-2003-12-09-exp);
	Tue, 30 Dec 2003 21:14:46 +0000
From: MIMEDefang [mimedefang at xxxxx.ac.uk]
To: Rich Stanton
Subject: MIMEDefang Quarantine Report
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
	xxxxx.ac.uk
X-Spam-Level: *********
X-Spam-Status: Yes, hits=9.5 required=5.0 tests=DATE_MISSING,EMAIL_ROT13,
	MORTGAGE_PITCH,TO_HAS_SPACES,TO_MALFORMED autolearn=no version=2.61
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_3FF1EAC6.D02C2598"

This is a multi-part message in MIME format.

------------=_3FF1EAC6.D02C2598
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "xxxx.ac.uk", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
xxx at xxxx.ac.uk for details.

Content preview:  An e-mail message was quarantined in the directory
  /var/spool/MD-Quarantine/qdir-2003-12-29-09.51.17-001 on the mail
  server. The sender was '<pvrksxo at 1atlantic.com>'. The Sendmail queue
  identifier was hBT9pGXi013985. [...] 

Content analysis details:   (9.5 points, 5.0 required)

 pts rule name              description
---- ----------------------
--------------------------------------------------
 1.0 DATE_MISSING           Missing Date: header
 2.4 TO_HAS_SPACES          To: address contains spaces
 0.3 TO_MALFORMED           To: has a malformed address
 1.5 MORTGAGE_PITCH         BODY: Looks like mortgage pitch
 4.3 EMAIL_ROT13            BODY: Body contains a ROT13-encoded email
address



------------=_3FF1EAC6.D02C2598
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

From: MIMEDefang [mimedefang at xxxxx.ac.uk]
Sent: 29 December 2003 09:51
To: Rich Stanton
Subject: MIMEDefang Quarantine Report

An e-mail message was quarantined in the directory
/var/spool/MD-Quarantine/qdir-2003-12-29-09.51.17-001 on the mail server.

The sender was '<pvrksxo at 1atlantic.com>'.

The Sendmail queue identifier was hBT9pGXi013985.

The relay machine was localhost.localdomain (127.0.0.1).

The entire message was quarantined in
/var/spool/MD-Quarantine/qdir-2003-12-29-09.51.17-001/ENTIRE_MESSAGE

Recipient: <xxxx at localhost>

----------
Here are the message headers:
Received: from pop.xxxxx.com [62.253.xxx.xx]	by localhost with POP3
(fetchmail-6.2.0)	for xxxx at localhost (single-drop); Mon, 29 Dec 2003
09:51:16 +0000 (GMT)
Received: from bigfoot.com ([64.15.239.131]) by xxxxx.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP          id
<20031228200207.GYUI9852.xxxxxxx.com at bigfoot.com>          for
<xxxx.xxxx at xxxx.com>;          Sun, 28 Dec 2003 20:02:07 +0000
Received: from server146.1atlantic.com ([69.25.12.146])	by
BFLITEMAIL3A.bigfoot.com (LiteMail v3.03(BFLITEMAIL3A)) with SMTP id
0312281410_BFLITEMAIL3A_193300_102007519;	Sun, 28 Dec 2003 15:02:14
-0500 EST
To: xxxxx at bigfoot.com
Date: Sun, 28 Dec 2003 18:53:40 -0500
Message-ID: <1072655620.972 at server146.1atlantic.com>
X-Mailer: Perl5 Mail::Internet v1.32
From: info-center<pvrksxo at 1atlantic.com>
Subject: Insane mortgage rate of 1.95%
comments: evpufgnagba^ovtsbbg(pbz
X-Comment: liconmsdfggkckqwjytrgrsuiqmsk
Organization: lhxvmolyiqgqyqtjjqtimnqejlmab
Content-type: text/html;

------------=_3FF1EAC6.D02C2598--




More information about the MIMEDefang mailing list