[Mimedefang] Next Generation Spammer?

Rudolf Christel rcj-mail at christel.org
Mon Jun 21 05:01:55 EDT 2004


Hello,

I received a mail which was definitely spam.

Because greylisting was installed yesterday, I thought about an error
within the filter, so I checked the logs. And now the interesting part.

The triplet was first greylisted.
15 min. later the mail was resent. Now, SpamAssassin caught the mail as
spam, with a count of >10 scores.
(10.206) DATE_MISSING,HTML_50_60,HTML_IMAGE_ONLY_06,HTML_MESSAGE
,MSGID_FROM_MTA_HEADER,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK to

Normally, Sendmail now replies with a 5.5.4 Spam found, mail rejected.
Usually the other side now drops the connection.
But this time, sendmail received an RSET and the sender restarted the
sending of the mail. The mail went through MIMEDefang and SpamAssassin with
a count of 4.463.

(4.463)
DATE_MISSING,HTML_30_40,HTML_IMAGE_RATIO_04,HTML_MESSAGE,MSGID_FROM_MTA_HEADER

The mail looks the same, but is a little bit different from the first one, so
it did not get the same HTML counts and so on. But what is weird is that the
RAZOR checks were not counted at the second attempt.

Does MIMEDefang or SpamAssassin not check the net tests after an RSET?

Any ideas to prevent this kind of spam?

Kind regards
Rudolf Christel




-- 
Alt-Ringlein
Restaurant Alt-Ringelin
Dominikanerstr. 9
96049 Bamberg