[Mimedefang] Strange issue with mimedefang/spamassassin reports.
Champ Clark III [Softwink]
champ at softwink.com
Wed Jun 3 15:07:11 EDT 2009
These are logs from the mail server:
--[Snip]-----------------------------------
Jun 2 23:54:40 lucas mimedefang.pl[3384]: MDLOG,n533rNV2029956,spam,31.759,118.88.38.123,<betsymullenwc at worldnet.att.net>,<denise@[REMOVED]>,Vgr And Cialis for low prices .And free gift for everyone 4qc
Jun 2 23:54:42 lucas mimedefang.pl[3384]: MDLOG,n533rNV2029956,mail_in,,,<betsymullenwc at worldnet.att.net>,<denise@[REMOVED]>,Vgr And Cialis for low prices .And free gift for everyone 4qc
Jun 2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter change (add): header: X-Spam-Score: 31.759 (*******************************) BAYES_50,DRUGS_ERECTILE,DRUG_ED_GENERIC,FB_CIALIS_LEO3,FH_RELAY_NODNS,LOCAL_DRUGS_MALEDYSFUNCTION,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_NONE,SARE_SUB_FREE,SARE_WEOFFER,SPF_HELO_NEUTRAL,SUBJECT_DRUG_GAP_C,TW_FY,TW_TF,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_WS_SURBL
Jun 2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter add: header: X-Orig-Rcpts: <denise@[REMOVED]>
Jun 2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter delete: rcpt <denise@[REMOVED]>
Jun 2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter add: rcpt: spam at localhost
Jun 2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter change: header Content-Type: from text/plain;\n\tcharset="iso-8859-2" to multipart/mixed; boundary="----------=_1244001265-3384-129"
Jun 2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter change: header MIME-Version: from 1.0 to 1.0
Jun 2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter delete: header Content-Transfer-Encoding: 8bit
Jun 2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter message: body replaced
Jun 2 23:54:42 lucas sm-mta[29956]: n533rNV2029956: Milter add: header: X-Scanned-By: MIMEDefang 2.64 on 24.240.168.169
Jun 2 23:54:42 lucas sm-mta[29990]: n533rNV2029956: to=spam at localhost, delay=00:00:28, xdelay=00:00:00, mailer=local, pri=1411249, dsn=2.0.0, stat=Sent
Jun 2 23:54:42 lucas sm-mta[29990]: n533rNV2029956: to=<ak_ns at vistech.net>, delay=00:00:28, xdelay=00:00:00, mailer=smtp, pri=1411249, relay=[12.145.241.50] [12.145.241.50], dsn=5.1.1, stat=User unknown
Jun 2 23:54:42 lucas sm-mta[29990]: n533rNV2029956: to=<black at vistech.net>, delay=00:00:28, xdelay=00:00:00, mailer=smtp, pri=1411249, relay=[12.145.241.50] [12.145.241.50], dsn=5.1.1, stat=User unknown
--[SNIP]-------------------------------------
The "User unknowns" go on for quite a while.. About
30 or so "User unknowns"... hmmmm.
Example of spam that get flagged and sends a report. This is
the e-mail that bypasses the "spam at localhost" and ends up in the
users mail box.
--[SNIP]--------------------------------------
From betsymullenwc at worldnet.att.net Tue Jun 2 23:54:42 2009
Return-Path: betsymullenwc at worldnet.att.net
Received: from lucas.softwink.com (lucas.att.vistech.net [12.145.241.102])
by bundy.vistech.net (8.14.0/8.13.4) with ESMTP id n533sgN7008675;
Tue, 2 Jun 2009 23:54:42 -0400
Received: from sympatico.ca ([118.88.38.123])
by lucas.softwink.com (8.14.0/8.13.4) with ESMTP id n533rNV2029956;
Tue, 2 Jun 2009 23:54:14 -0400
Message-ID: <2d8601c9e3fd$fdda24b1$f3edee3f at b9l5nj3>
From: Betsy Mullen <betsymullenwc at worldnet.att.net>
To: denise@[REMOVED]
Subject: Vgr And Cialis for low prices .And free gift for everyone 4qc
Date: Wed, 03 Jun 2009 03:42:24 +0000
MIME-Version: 1.0
X-Sender: <betsymullenwc at worldnet.att.net>
Sender: betsymullenwc at worldnet.att.net
In-Reply-To: <8fb201c9e1e5$9048900d$f0b187e3 at hf6fub3>
Content-Type: multipart/mixed; boundary="----------=_1244001265-3384-129"
X-Greylist: Delayed for 345555:55:20 by milter-greylist-3.0 (lucas.softwink.com
[24.240.168.169]); Tue, 02 Jun 2009 23:54:25 -0400 (EDT)
X-Spam-Score: 31.759 (*******************************)
BAYES_50,DRUGS_ERECTILE,DRUG_ED_GENERIC,FB_CIALIS_LEO3,FH_RELAY_NODNS,LO
CAL_DRUGS_MALEDYSFUNCTION,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,RAZOR2_
CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZO
R2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_NONE,
SARE_SUB_FREE,SARE_WEOFFER,SPF_HELO_NEUTRAL,SUBJECT_DRUG_GAP_C,TW_FY,TW_
TF,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_WS_SUR
BL
X-Orig-Rcpts: <denise at vistech.net>
X-Scanned-By: MIMEDefang 2.64 on 24.240.168.169
[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 8bit, Size: 0.8K --]
Dear denise@[REMOVED]
http://womensmedicaljournal.at
http://womensmedicaljournal.at
DA & CPA Approved Pharmacy site
VeriSign secured payment site
We ship to all countries
---[SNIP]------------------------------------
--
Champ Clark III | Softwink, Inc | 800-538-9357 x 101
http://www.softwink.com
GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7 6AD5 0F1F 655F 58A2 A58F
If it wasn't for C, we'd be using BASI, PASAL and OBOL.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20090603/58cc18b8/attachment.sig>
More information about the MIMEDefang
mailing list