Dave Williss wrote:
I've started recieving a few spams a day that aren't even getting
scanned by Spamassassin. Or at least they don't get any X-Spam
headers added on.
The messages in question all have forged senders to make them look
like they came from an existing user within my own domain even though
the IP they came from is not in our domain and doesn't have any
reverse DNS. Here are the Received headers:
Received: by tnt.microimages.com (Postfix, from userid 65534) id
F0382681B5; Wed, 14 Feb 2007 18:55:09 -0600 (CST)
Received: from 216.229.5.227 (unknown [218.249.51.90]) by
tnt.microimages.com (Postfix) with SMTP id 6676F681A4; Wed, 14 Feb
2007 18:54:52 -0600 (CST)
X-Originating-IP: 136.116.127.78 by smtp.218.249.51.90; Wed, 14 Feb
2007 19:50:27 -0500
Is there some Spamassassin rule that may be auto-whitelisting this
(because the forged sender is an actual account), or is Postfix
confused into thinking that the sender is local and just not running
it through SA? Now that I think about it, I'm guessing it's Postfix.
I am having the same issue. I upgraded to SA 3.1.8 2 days ago, and
didn't get any spam like that yesterday. But today I am getting a few
more. If I pass the messages through SA, they score high enough to get
booted. I've been having this issue for about a week now. If you find
anything out, please post.
-=Aubrey=-