We have been looking at these also.
In most cases they are indeed being dropped by the MTA checks and our own
internal BLs.
Most of what slips through is being forwarded from a couple of legit servers
that have no filtering (and we are working on that). So the MTA doesn't drop
them since the forwarding servers are legit and hands them to Spamassassin.
It would be nice if anyone can spot a pattern that would allow SpamAssassin to
catch these even if the MTA checks fail. I have been looking and found nothing
so far.
In case more examples will help...here are a few that were forwarded to me:
http://people.ironicdesign.com/adorman/spam1
http://people.ironicdesign.com/adorman/spam2
http://people.ironicdesign.com/adorman/spam3
http://people.ironicdesign.com/adorman/spam4
http://people.ironicdesign.com/adorman/spam5
http://people.ironicdesign.com/adorman/spam6
And no worries if this group can not find a pattern to check for. Sometimes the
ONLY way to catch a spam is to deal with it based on the MTA sender characteristics.
--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net
