[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [SA-milter] Spam evading milter
From: |
J4K |
Subject: |
Re: [SA-milter] Spam evading milter |
Date: |
Wed, 13 Jul 2011 12:24:33 +0200 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10 |
On 07/12/2011 02:07 PM, J4K wrote:
> [SNIP]
>> I added it:
>>
>> # /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
>> /var/spool/postfix/spamass/spamass.sock -u nobody -M -r 9 -i 127.0.0.1
>> -- -s 1050000
>>
>> Many thanks and regards, S.
>>
>> _______________________________________________
>> Spamass-milt-list mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/spamass-milt-list
> I looked at the file sizes of those that sneaked through, and saw that
> these are about 2kB in size.
> I don't think this is it. Is there someone else that I could look for?
>
> Regards, S
>
>
>
Yep, the spam still gets a free ride :( The milter is happy to pass this
through.
What else could they use to trick it?
Regards, S.
Today's spam:
X-Spam-Staus Yes, score=14.5 required=5.0 tests=BAYES_50,DKIM_ADSP_ALL,
HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,MIME_HTML_ONLY,
RCVD_ILLEGAL_IP,SPF_PASS,TVD_RCVD_IP,URIBL_BLACK shortcircuit=no
autolearn=spam version=3.3.1
X-Spam_report * 1.7 URIBL_BLACK Contains an URL listed in the URIBL
blacklist * [URIs: zolp.net] * 3.6 HELO_DYNAMIC_IPADDR2
Relay HELO'd using suspicious hostname (IP addr * 2) * 3.5
HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
* IP) * 3.4 RCVD_ILLEGAL_IP Received: contains illegal IP
address * 0.0 TVD_RCVD_IP TVD_RCVD_IP * 0.8 DKIM_ADSP_ALL No
valid author signature, domain signs all mail * -0.0 SPF_PASS SPF:
sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in
message * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
* [score: 0.5000] * 0.7 MIME_HTML_ONLY BODY: Message only has
text/html MIME parts