You may have a problem with mrtg showing statistics, but this message was scanned by spamassassin. See all of the X-Spam messages? They come from spamassassin. Is your mail server named mail.providio.com? That's the host which scanned the message.

Atul Paralikar wrote:
Hey Jake, the anti-virus on the systems was deleting these mails
automatically, that's why I was not able to send you the header.
Now I have one header of email which was caught by the Anti-Virus but not by
CLAMD. I took it from the webmail.

============================
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.providio.com
X-Spam-Level: *********************
X-Spam-Status: Yes, score=21.4 required=4.0
        tests=BASE64_LENGTH_78_79,BAYES_50,
        FORGED_OUTLOOK_TAGS,HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,
        MIME_BASE64_TEXT,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,
        RCVD_IN_XBL,RCVD_NUMERIC_HELO,RDNS_DYNAMIC autolearn=spam
        Version=3.2.4
X-Spam-Report: * 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
        *      [Blocked - see <http://www.spamcop.net/bl.shtml?211.14.220.25>]
        *  4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
        *       2)
        *  3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
        *      IP)
        *  2.1 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
        *  2.8 BASE64_LENGTH_78_79 BODY: BASE64_LENGTH_78_79
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
        *      [score: 0.5847]
        *  1.8 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
        *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
        *      [211.14.220.25 listed in zen.spamhaus.org]
        *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
        *  0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
        *      [211.14.220.25 listed in dnsbl.sorbs.net]
        *  0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
        *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
        *      dynamic-looking rDNS
Received: (qmail 9874 invoked from network); 30 Sep 2009 04:01:53 -0500
Received: from 211.14.220.25.eo.eaccess.ne.jp (211.14.220.25)
  by mail.etisbew.com with SMTP; 30 Sep 2009 04:01:52 -0500
Received-SPF: none (mail.etisbew.com: domain at ras-publishing.com does not designate permitted sender hosts)
Received: from 211.14.220.25 by service46.mimecast.com; Wed, 30 Sep 2009 18:01:41 +0900
Message-ID: <000d01ca41ac$a0442000$6400a...@masticatekl698>
From: "Floyd Heath" <a...@etisbew.com>
To: <a...@etisbew.com>
Subject: *****SPAM***** =?utf-8?Q?Spam=3A=3A?=
 Thank you for setting the order No.475456
Date: Wed, 30 Sep 2009 18:01:41 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NxtPrt_ftshd_1254301313"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Spam-Prev-Subject: =?utf-8?Q?Spam=3A=3A?=


============================


-----Original Message-----
From: Jake Vickers [mailto:j...@qmailtoaster.com]
Sent: Wednesday, September 30, 2009 8:22 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] RE: Mails not being scanned / filtered by SA server

Atul Paralikar wrote:
Actually I read in the forum / wiki, to add a line for the domain which we
need to allow emails. This will allow us to set other parameters which will
be effective only for this particular domain.

Moreover I added that line, thinking it could be another reason for
SPAMD/CLAMD not scanning our domain emails.

Jake,
- If the SPAMD/CLAMD are working fine then some of the virus messages are
getting delivered to the employees. Why is that so? Is there anything else
in it, which I might be missing?
- How do I fix the ISOQLOG to detect the SPAMD/CLAMD logs?


Remove the log files for spamd and clamd. This will reset the log files and isoqlog should start with the new data. You will lose all the history on these daemons though. You have only shown us a "spam" message that was correctly marked as spam (at a score of 4.0 like you defined in your local.cf) but was correctly delivered because it did not exceed the score you defined in simcontrol. You have shown us nothing about viruses, nor any logs to back anything up. Without log files we can only make guesses and hope you are able to fix it.


----------------------------------------------------------------------------
-----
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
    Vickers Consulting Group offers Qmailtoaster support and installations.
      If you need professional help with your setup, contact them today!
----------------------------------------------------------------------------
-----
     Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
     For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com










--
-Eric 'shubes'
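
The thread turns on two separate thresholds: SpamAssassin's `required` score, which only tags a message, and the simscan threshold in simcontrol, which decides whether it is delivered. The following is an added example, not code from any poster or from the qmailtoaster project, that reads the `X-Spam-Status` header quoted above and reports which case a message falls into. The reject thresholds used (25.0 and 12.0) are assumed values, since the thread does not show the simcontrol setting.

```python
import re
from email import message_from_string

# X-Spam-Status as posted in the thread, re-folded; all other headers trimmed.
SAMPLE = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=21.4 required=4.0\n"
    "\ttests=BASE64_LENGTH_78_79,BAYES_50,\n"
    "\tFORGED_OUTLOOK_TAGS,HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,\n"
    "\tMIME_BASE64_TEXT,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,\n"
    "\tRCVD_IN_XBL,RCVD_NUMERIC_HELO,RDNS_DYNAMIC autolearn=spam\n"
    "\n"
    "body\n"
)

def parse_spam_status(raw):
    """Return (score, required, tests) from a possibly folded X-Spam-Status value."""
    flat = re.sub(r"\r?\n[ \t]+", " ", raw)  # unfold continuation lines
    score = re.search(r"score=(-?\d+(?:\.\d+)?)", flat)
    required = re.search(r"required=(-?\d+(?:\.\d+)?)", flat)
    if not score or not required:
        raise ValueError("not a SpamAssassin X-Spam-Status value")
    # The test list runs until the next key=value token (autolearn=...).
    tests = re.search(r"tests=(.*?)(?:\s+\w+=|$)", flat)
    names = [t.strip() for t in tests.group(1).split(",")] if tests else []
    return float(score.group(1)), float(required.group(1)), [n for n in names if n]

def disposition(message_text, reject_above):
    """Classify a message; reject_above is the assumed simscan reject threshold."""
    raw = message_from_string(message_text).get("X-Spam-Status")
    if raw is None:
        return "unscanned"            # no header: spamd never saw the message
    score, required, _ = parse_spam_status(raw)
    if score > reject_above:
        return "rejected"             # exceeds the simscan threshold
    if score >= required:
        return "tagged-delivered"     # SpamAssassin marks it, qmail still delivers
    return "clean"

if __name__ == "__main__":
    for limit in (25.0, 12.0):        # assumed thresholds, not from the thread
        print(limit, disposition(SAMPLE, limit))
```

A message that reports "unscanned" is the case worth chasing in the spamd and clamd logs, because it means the header was never added at all.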

