Re: [SA-milter] Spam evading milter

[J4K]

On 07/12/2011 02:07 PM, J4K wrote:
> [SNIP]
>> I added it:
>>
>> # /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
>> /var/spool/postfix/spamass/spamass.sock -u nobody -M -r 9 -i 127.0.0.1
>> -- -s 1050000
>>
>> Many thanks and regards, S.
>>
>> _______________________________________________
>> Spamass-milt-list mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/spamass-milt-list
> I looked at the file sizes of those that sneaked through, and saw that
> these are about 2kB in size.
> I don't think this is it.  Is there someone else that I could look for?
>
> Regards, S
>
>
>
Yep, the spam still gets a free ride :( The milter is happy to pass this
through. 

What else could they use to trick it?

Regards, S.

Today's spam:

X-Spam-Staus Yes, score=14.5 required=5.0 tests=BAYES_50,DKIM_ADSP_ALL,
HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,MIME_HTML_ONLY,
RCVD_ILLEGAL_IP,SPF_PASS,TVD_RCVD_IP,URIBL_BLACK shortcircuit=no
autolearn=spam version=3.3.1

X-Spam_report *  1.7 URIBL_BLACK Contains an URL listed in the URIBL
blacklist    *      [URIs: zolp.net]    *  3.6 HELO_DYNAMIC_IPADDR2
Relay HELO'd using suspicious hostname (IP addr    *       2)    *  3.5
HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split   
*      IP)    *  3.4 RCVD_ILLEGAL_IP Received: contains illegal IP
address    *  0.0 TVD_RCVD_IP TVD_RCVD_IP    *  0.8 DKIM_ADSP_ALL No
valid author signature, domain signs all mail    * -0.0 SPF_PASS SPF:
sender matches SPF record    *  0.0 HTML_MESSAGE BODY: HTML included in
message    *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%   
*      [score: 0.5000]    *  0.7 MIME_HTML_ONLY BODY: Message only has
text/html MIME parts