Hi,
I have a strange situation. Some incoming messages aren't scanned for spam.
I'll attach 2 files which have info about that. One is with scan info, the other is
without scan info. How do I find where the problem is?

Return-path: <[email protected]>
Envelope-to: mydomain.com
Delivery-date: Wed, 23 Mar 2016 02:46:33 +0200
Received: from [50.31.162.152] (helo=vps.zimbravixko.eu)
by mydomain.com with esmtp (Exim 4.68)
(envelope-from <[email protected]>)
id 1aiWwR-00064B-Mz
for mydomain.com; Wed, 23 Mar 2016 02:46:33 +0200
Received: from [167.88.14.117] (port=55252 helo=User)
by vps.zimbravixko.eu with esmtpa (Exim 4.86_1)
(envelope-from <[email protected]>)
id 1agNAc-0007bB-1A; Wed, 16 Mar 2016 20:56:16 -0500
Reply-To: <[email protected]>
From: "Mary Russell"<[email protected]>
Subject: PAYMENT AGENT REQUIRED
Date: Wed, 16 Mar 2016 18:56:08 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00B8_01C2A9A6.30C11DCC"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any
abuse report
X-AntiAbuse: Primary Hostname - vps.zimbravixko.eu
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - parlkex.com
X-Get-Message-Sender-Via: vps.zimbravixko.eu: authenticated_id: elboramziw/only
user confirmed/virtual account not confirmed
X-Authenticated-Sender: vps.zimbravixko.eu: elboramziw
This is a multi-part message in MIME format.

Return-path: <spam.com>
Envelope-to: mydomain.com
Delivery-date: Tue, 22 Mar 2016 14:37:54 +0200
Received: from [194.153.145.70] (helo=smtp-spam.com)
by mydomain.com with esmtp (Exim 4.68)
(envelope-from <spam.com>)
id 1aiLZJ-00013G-EV
for mydomain.com; Tue, 22 Mar 2016 14:37:54 +0200
Received: from spam.com (......)
by spam.com (Postfix) with ESMTP id 0CBE350DC3C
for <mydomain.com>; Tue, 22 Mar 2016 14:37:53 +0200 (EET)
Received: from spam.com (localhost [127.0.0.1])
by spam.com (Postfix) with ESMTP id F40351FBDB
for <mydomain.com>; Tue, 22 Mar 2016 14:37:52 +0200 (EET)
Date: Tue, 22 Mar 2016 14:37:52 +0200 (EET)
From: spammer <spam.com>
To: mydomain.com
Message-ID: <[email protected]>
Subject: =?UTF-8?B?0JrQm9CY0JXQndCi0KHQmtCY0JUg0JHQkNCX0Ksh?=
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_824581_207071265.1458650272993"
X-Mailer: spamMail 3.0
X-Originating-IP: 1.2.3.4
X-Spam_score: 3.5
X-ACL-Warn: = X-Spam_score_int: 35
X-ACL-Warn: = X-Spam_bar: +++
X-ACL-Warn: = X-Spam_report: Spam detection software, running on the system
"mydomain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: -~Z-~[-~X-~U-~]ÒÑ-~Z-~X-~U -~Q-~P-~WÛ! Ñîáå-~@--
-ì äë-~O -~Rà-~Aå-~@
ïî èí-~Bå-~@íå-~B áàç-~C äàíí-~K-~E ïî-~Båí-~Fèàë-~~
Lí-~K-~E êëèåí-~Bîâ~Håãî -~
äë-~O -~Rà-~Håãî -~Qèçíå-~Aà! -~Z-~[-~X-~U-~]ÒÑ-~Z-~X-~U -~~
Q-~P-~WÛ! [...] a
Content analysis details: (3.5 points, 4.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]
 1.5 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
 2.2 DCC_CHECK              Listed in DCC
                            (http://rhyolite.com/anti-spam/dcc/)
 0.1 RDNS_NONE              Delivered to trusted network by a host with
                            no rDNS
-0.2 AWL                    AWL: From: address is in the auto white-list