From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Agid, Corby
Sent: Tuesday, January 24, 2006 1:35 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Logged spam getting to mailboxHello,
I'm having trouble with a particular spam message getting to my mailbox each day. The declude log file shows the scanning and scoring. However, the message that lands in the mailbox shows no sign of being scanned….ie there are no X-RBL headers in the message that gets to the mailbox. All of my other mail, whether spam or not spam, still shows X-rbl headers to verify they were scanned.
Can you help me understand why the final message doesn’t' show the X-RBL headers? I get about three of these per day, each has the same style, but the IP and From addresses are different.
Below are the log snips and message headers.
=======================================
Dec0123.log
01/23/2006 15:45:52 Q6aae01510000a967 CBL:6 FIVETEN-SRC:4 SORBS-DUHL:4 SPAMBAG:2 SPAMHEADERS:3 MS-SNAKEOIL:25 . Total weight = 44.01/23/2006 15:45:52 Q6aae01510000a967 Using [incoming] CFG file C:\IMail\Declude\mail.agid.com\$default$.junkmail.
01/23/2006 15:45:52 Q6aae01510000a967 Msg failed CBL ("Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=68.41.152.175"). Action="">01/23/2006 15:45:52 Q6aae01510000a967 Msg failed FIVETEN-SRC (175.152.41.68.blackholes.five-ten-sg.com.). Action="">
01/23/2006 15:45:52 Q6aae01510000a967 Msg failed SORBS-DUHL ("Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?68.41.152.175"). Action="">
01/23/2006 15:45:52 Q6aae01510000a967 Msg failed SPAMBAG (175.152.41.68.blacklist.spambag.org.). Action="">
01/23/2006 15:45:52 Q6aae01510000a967 Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [4000100e].). Action="">01/23/2006 15:45:52 Q6aae01510000a967 Msg failed MS-SNAKEOIL (Message failed MS-SNAKEOIL: 52.). Action="">
01/23/2006 15:45:52 Q6aae01510000a967 Msg failed WEIGHT10-29A (Weight of 44 reaches or exceeds the limit of 10.). Action="">01/23/2006 15:45:52 Q6aae01510000a967 Msg failed WEIGHT10-29B (Weight of 44 reaches or exceeds the limit of 10.). Action="">
01/23/2006 15:45:52 Q6aae01510000a967 Msg failed WEIGHT30A (Weight of 44 reaches or exceeds the limit of 30.). Action="">
01/23/2006 15:45:52 Q6aae01510000a967 Msg failed SPAMYELLOW (Weight of 44 reaches or exceeds the limit of 10.). Action="">
01/23/2006 15:45:52 Q6aae01510000a967 Msg failed SPAMRED (Weight of 44 reaches or exceeds the limit of 30.). Action="">
01/23/2006 15:45:52 Q6aae01510000a967 Msg failed CATCHALLMAILS (). Action="">
01/23/2006 15:45:52 Q6aae01510000a967 L1 Message OK
01/23/2006 15:45:52 Q6aae01510000a967 Subject: Viagra Professional as low as $3.84
01/23/2006 15:45:52 Q6aae01510000a967 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 68.41.152.175 ID:
01/23/2006 15:45:52 Q6aae01510000a967 Tests failed [weight=44]: CBL=IGNORE FIVETEN-SRC="" SORBS-DUHL=IGNORE SPAMBAG=IGNORE SPAMHEADERS=WARN MS-SNAKEOIL=IGNORE WEIGHT10-29A=IGNORE WEIGHT10-29B=IGNORE WEIGHT30A=IGNORE SPAMYELLOW=WARN SPAMRED=WARN CATCHALLMAILS=WARN01/23/2006 15:45:52 Q6aae01510000a967 Last action = "">
Sys0123.log
01:23 15:45 SMTPD(6aae01510000a967) [216.101.5.133] connect 68.41.152.175 port 4251
01:23 15:45 SMTPD(6aae01510000a967) [68.41.152.175] HELO localhost
01:23 15:45 SMTPD(6aae01510000a967) [68.41.152.175] Mail From: <[EMAIL PROTECTED]>
01:23 15:45 SMTPD(6aae01510000a967) [68.41.152.175] Rcpt To: <[EMAIL PROTECTED]>
01:23 15:45 SMTPD(6aae01510000a967) [68.41.152.175] C:\IMail\spool\D6aae01510000a967.SMD 4723
01:23 15:45 SMTPD(6aae01510000a967) performing antispam checks
01:23 15:45 SMTP-(6aae01510000a967) processing C:\IMail\spool\Q6aae01510000a967.SMD
01:23 15:45 SMTP-(6aae01510000a967) ldeliver mail.agid.com corby-main (1) [EMAIL PROTECTED] 5361
01:23 15:45 SMTP-(6aae01510000a967) finished C:\IMail\spool\Q6aae01510000a967.SMD status=1
Email Headers:
Received: from localhost [68.41.152.175] by mail.agid.com
(SMTPD-8.21) id AAAE0130; Mon, 23 Jan 2006 15:45:50 -0800
Date: Mon, 23 Jan 2006 18:45:52 +0100
Return-path: <[EMAIL PROTECTED]>
From: "Adler"<[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Viagra Professional as low as $3.84
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0003_01C618B6.107D4F00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Title: Logged spam getting to mailbox
Corby, to help you rule out "header corruption" I checked
my own logs, and found that I received (and held) three copies of the same spam
message today.
Inspecting each of those with notepad showed that my X-
headers are being added, therefore "header corruption" or "bad folding"
shouldn't be the issue.
Andrew 8)
- RE: [Declude.JunkMail] Logged spam getting to mailbox Colbeck, Andrew
