On 12-Apr-2009, at 20:23, Kevin Callahan wrote: > On Apr 12, 2009, at 6:30 PM, LuKreme wrote: >> On 12-Apr-2009, at 11:12, Kevin Callahan wrote: >>> I get a fair number of these emails: >>> >>> Mail (MobileMe) and empty FROM empty Subject empty BODY >> >> Check the Raw Source. They are spam messages where the line feeds >> have been eaten. >> >>> as does my wife, and a few others I know on MobileMe - >>> do others get see these going around? >>> why would MM's spamcop (or whatever they use) deliver this and not >>> block it as junk ? >> >> For the same reason SpamAssassin fails on these, it doesn't see it as >> a message as it has no valid headers and no valid body. > > I've tried to set Mail's junk to catch it, but I haven't been > successful quite yet
It will never catch it. Here's one I got today: Received: (qmail 27496 invoked from network); Mon, 13 Apr 2009 10:27:59 +0900Received: from unknown (HELO hrodlk) (216.188.216.120) by wergvan with SMTP; Mon, 13 Apr 2009 10:27:59 +0900Message-ID: <002b01c9bbd7$14dfbde0$d8bcd...@localhosthrodlk>From: "Antoinette Sargent" <[email protected]>To: <*[email protected]>Subject: Wanna be a MachoMan? Date: Mon, 13 Apr 2009 10:27:59 +0900MIME-Version: 1.0Content-Type: text/ plain; format=flowed; charset="iso-8859-1"; reply-type=originalContent-Transfer-Encoding: 7bitX-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Outlook Express 6.00.2900.2180X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180Bringing you the highest quality at the most competitive prices. http: //ljhgem.[***]druginfo.at/ See how the Message-ID is attached to the previous line? How the From is also? And the Subject, Date, etc? The filters rely on the information in these headers, and since these headers are 'not there' the information can never be parsed, and nothing about the message will be learned. I only see these going to .mac/MobileMe, so I suspect that something in MobileMe's mailservers is seeing these as spam and munging them badly (less likely), or that the messages are being submitted with Windows style EOLs assuming that the mailserver will parse them (more likely). This specific message originated from 124.80.99.17 (in the headers I didn't paste) and that address is listed in blacklists. $ dig 17.99.80.124.zen.spamhaus.org +short 127.0.0.11 I don't see messages like this on my own mailserver, but then I wouldn't as I reject address listen in zen. But don't bother trying to train the Junk Filters for those messages, there's nothing in the headers for it to train on, just delete them. -- Can I tell you the truth? I mean this isn't like TV news, is it? _______________________________________________ OSX-Nutters mailing list | [email protected] http://lists.tit-wank.com/mailman/listinfo/osx-nutters List hosted at http://cat5.org/
