[Mimedefang] 'spam' spam getting through

Stewart stewart at f8.com.au
Fri Oct 24 00:00:57 EDT 2003 

Hi..

Just this last week i've been getting an increasing number of spams 
seeming to slip through our until-now-very-effective spamassasin 
checks. the annoying thing is they're all advertising anti-spam 
software. (obviously these spammers know what they're doing, maybe i 
ought to buy it!! :-)

anyway i'm running debian unstable with mimedefang 2.35-1 and 
spamassassin 2.55-3.  i've munged the mail log entry and message 
headers for anonymity below ... it would seem that mimedefang isn't 
calling spamassassin? i'm not so hot at interpreting smtp headers so 
forgive me if i'm missing something obvious... but any suggestions 
welcome..

cheers,
..S.

Oct 24 13:15:37 myhost sm-mta[15111]: h9O3FXWs015111: 
from=<t8ezawko at hurting.com>, size=5559, class=0, nrcpts=5, 
msgid=<40ub2-$-p-$5$pp4252--i7t8i at lv4p53l.hpb>, proto=SMTP, daemon=MTA, 
relay=bgp958693bgs.derbrh01.mi.comcast.net [68.41.121.245]
Oct 24 13:16:08 myhost sm-mta[15111]: h9O3FXWs015111: Milter add: 
header: X-Scanned-By: MIMEDefang 2.35
Oct 24 13:16:09 myhost sm-mta[15113]: h9O3FXWs015111: 
to=<stewart at xxxx.com.au>,sales at xxxx.com.au,<john at xxxx.com.au>, 
delay=00:00:34, xdelay=00:00:01, mailer=cyrus, pri=95811, 
relay=localhost, dsn=2.0.0, stat=Sent



> Return-Path: <t8ezawko at hurting.com>
> Received: from myhost.xxxx.com.au ([unix socket])
> 	by myhost (Cyrus v2.1.13-IPv6-Debian-2.1.13-4) with LMTP; Fri, 24 Oct 
> 2003 13:16:08 +1000
> X-Sieve: CMU Sieve 2.2
> Received: from bgp958693bgs.derbrh01.mi.comcast.net 
> (bgp958693bgs.derbrh01.mi.comcast.net [68.41.121.245])
> 	by myhost.xxxx.com.au (8.12.9/8.12.9/Debian-3) with SMTP id 
> h9O3FXWs015111;
> 	Fri, 24 Oct 2003 13:15:35 +1000
> Received: from (HELO k0r8) [82.188.86.148] by 
> bgp958693bgs.derbrh01.mi.comcast.net with ESMTP id 37816503; Fri, 24 
> Oct 2003 03:23:15 -0100
> Message-ID: <40ub2-$-p-$5$pp4252--i7t8i at lv4p53l.hpb>
> From: "Yvette Egan" <t8ezawko at hurting.com>
> Reply-To: "Yvette Egan" <t8ezawko at hurting.com>
> To: john at xxxx.com.au
> Subject: john at xxxx.com.au, Put an END to Spam for GOOD!hinterland
> Date: Fri, 24 Oct 2003 03:23:15 GMT
> X-Mailer: gelatinous inescapable extradite1395
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary=".FB.5AAA39B_CE4B6_9"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Scanned-By: MIMEDefang 2.35
>
>
> --.FB.5AAA39B_CE4B6_9
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
>
> <html>
[....snip...]
> </html>bjs mu   bjsu prfmzsag
> w
> jsjmkslv zsq tiu
> z
> j  tz zd
> yoxopxs
>
> wf svzsq
>
> --.FB.5AAA39B_CE4B6_9--
>

More information about the MIMEDefang mailing list