[Mimedefang] Strange issue with mimedefang/spamassassin reports. [LOGS]

Champ Clark III [Softwink] champ at softwink.com
Wed Jun 3 12:17:18 EDT 2009 

	These are logs from the mail server: 

--[Snip]-----------------------------------

Jun  2 23:54:40 lucas mimedefang.pl[3384]: MDLOG,n533rNV2029956,spam,31.759,118.88.38.123,<betsymullenwc at worldnet.att.net>,<denise@[REMOVED]>,Vgr And Cialis for low prices .And free gift for everyone    4qc
Jun  2 23:54:42 lucas mimedefang.pl[3384]: MDLOG,n533rNV2029956,mail_in,,,<betsymullenwc at worldnet.att.net>,<denise@[REMOVED]>,Vgr And Cialis for low prices .And free gift for everyone    4qc
Jun  2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter change (add): header: X-Spam-Score: 31.759 (*******************************) BAYES_50,DRUGS_ERECTILE,DRUG_ED_GENERIC,FB_CIALIS_LEO3,FH_RELAY_NODNS,LOCAL_DRUGS_MALEDYSFUNCTION,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_NONE,SARE_SUB_FREE,SARE_WEOFFER,SPF_HELO_NEUTRAL,SUBJECT_DRUG_GAP_C,TW_FY,TW_TF,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_WS_SURBL
Jun  2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter add: header: X-Orig-Rcpts: <denise@[REMOVED]>
Jun  2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter delete: rcpt <denise@[REMOVED]>
Jun  2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter add: rcpt: spam at localhost
Jun  2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter change: header Content-Type: from  text/plain;\n\tcharset="iso-8859-2" to multipart/mixed; boundary="----------=_1244001265-3384-129"
Jun  2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter change: header MIME-Version: from  1.0 to 1.0
Jun  2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter delete: header Content-Transfer-Encoding: 8bit
Jun  2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter message: body replaced
Jun  2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter add: header: X-Scanned-By: MIMEDefang 2.64 on 24.240.168.169
Jun  2 23:54:42 lucas sm-mta[29990]: n533rNV2029956: to=spam at localhost, delay=00:00:28, xdelay=00:00:00, mailer=local, pri=1411249, dsn=2.0.0, stat=Sent
Jun  2 23:54:42 lucas sm-mta[29990]: n533rNV2029956: to=<ak_ns at vistech.net>, delay=00:00:28, xdelay=00:00:00, mailer=smtp, pri=1411249, relay=[12.145.241.50] [12.145.241.50], dsn=5.1.1, stat=User unknown
Jun  2 23:54:42 lucas sm-mta[29990]: n533rNV2029956: to=<black at vistech.net>, delay=00:00:28, xdelay=00:00:00, mailer=smtp, pri=1411249, relay=[12.145.241.50] [12.145.241.50], dsn=5.1.1, stat=User unknown

--[SNIP]-------------------------------------

	The "User unknowns" go on for quite a while..   About
30 or so "User unknowns"... hmmmm.

	Example of spam that get flagged and sends a report.  This is
the e-mail that bypasses the "spam at localhost" and ends up in the 
users mail box.


--[SNIP]--------------------------------------

From betsymullenwc at worldnet.att.net  Tue Jun  2 23:54:42 2009
Return-Path: betsymullenwc at worldnet.att.net
Received: from lucas.softwink.com (lucas.att.vistech.net [12.145.241.102])
        by bundy.vistech.net (8.14.0/8.13.4) with ESMTP id n533sgN7008675;
        Tue, 2 Jun 2009 23:54:42 -0400
Received: from sympatico.ca ([118.88.38.123])
        by lucas.softwink.com (8.14.0/8.13.4) with ESMTP id n533rNV2029956;
        Tue, 2 Jun 2009 23:54:14 -0400
Message-ID: <2d8601c9e3fd$fdda24b1$f3edee3f at b9l5nj3>
From: Betsy Mullen <betsymullenwc at worldnet.att.net>
To: denise@[REMOVED]
Subject: Vgr And Cialis for low prices .And free gift for everyone    4qc
Date: Wed, 03 Jun 2009 03:42:24 +0000
MIME-Version: 1.0
X-Sender: <betsymullenwc at worldnet.att.net>
Sender: betsymullenwc at worldnet.att.net
In-Reply-To: <8fb201c9e1e5$9048900d$f0b187e3 at hf6fub3>
Content-Type: multipart/mixed; boundary="----------=_1244001265-3384-129"
X-Greylist: Delayed for 345555:55:20 by milter-greylist-3.0 (lucas.softwink.com
        [24.240.168.169]); Tue, 02 Jun 2009 23:54:25 -0400 (EDT)
X-Spam-Score: 31.759 (*******************************)
        BAYES_50,DRUGS_ERECTILE,DRUG_ED_GENERIC,FB_CIALIS_LEO3,FH_RELAY_NODNS,LO
        CAL_DRUGS_MALEDYSFUNCTION,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,RAZOR2_
        CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZO
        R2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_NONE,
        SARE_SUB_FREE,SARE_WEOFFER,SPF_HELO_NEUTRAL,SUBJECT_DRUG_GAP_C,TW_FY,TW_
        TF,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_WS_SUR
        BL
X-Orig-Rcpts: <denise at vistech.net>
X-Scanned-By: MIMEDefang 2.64 on 24.240.168.169

[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 8bit, Size: 0.8K --]

Dear denise@[REMOVED]

http://womensmedicaljournal.at
http://womensmedicaljournal.at
DA & CPA Approved Pharmacy site
VeriSign secured payment site
We ship to all countries


---[SNIP]------------------------------------

-- 
        Champ Clark III | Softwink, Inc | 800-538-9357 x 101
                     http://www.softwink.com

GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7  6AD5 0F1F 655F 58A2 A58F
If it wasn't for C, we'd be using BASI, PASAL and OBOL.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20090603/760082d8/attachment.sig>

More information about the MIMEDefang mailing list