Posted to users@spamassassin.apache.org by Ed Russell <ed...@hardsoftsystems.com> on 2006/03/03 16:52:22 UTC

Particular type of Spam getting through

Hello again all, for the most part all the changes and updates to my SA
configuration have been working absolutely fantastic; however a particular
type of spam is getting past SA.  The subjects are usually an offshoot of:

American Idol Viewer #330a
Starbucks Member #209127552
Ebay Customer #29-814

Full headers from one of them are:

Received: by ntasprime.bserv.com from localhost
    (router,SLmail V5.1); Fri, 03 Mar 2006 03:55:40 -0500 
    for <ed...@hardsoftsystems.com>
Received: from av.bserv.com [204.50.189.25]
 by ntasprime.bserv.com [204.50.189.191]  (SLmail 5.5.0.4433) with ESMTP
 id 9C264F59E6084CAD98AF475B40AE10A7
 for <ed...@hardsoftsystems.com>; Fri, 03 Mar 2006 03:55:37 -0500
Return-Path: <Ma...@ngutuz.postglacial.com>
Received: from [204.50.189.23] (HELO as.bserv.com) by av.bserv.com
(MicroWorld SMTP 5.6.2) ; Fri, 03 Mar 2006 03:55:36 -0500
Resent-Date: Fri, 03 Mar 2006 03:55:36 -0500
Resent-From: <Ma...@ngutuz.postglacial.com>
X-Originating-IP: 204.50.189.23
X-Auth-User: MarlinHernandez@ngutuz.postglacial.com
X-Filename: C:\PROGRA~1\MAILSCAN\in\SMT1413062978594.TMP
Received: (qmail 28414 invoked by alias); 3 Mar 2006 08:55:36 -0000
Delivered-To: alias-hardsoftsystemscom-ed.russell@hardsoftsystems.com
Received: (qmail 28407 invoked by uid 569); 3 Mar 2006 08:55:36 -0000
Received: from 206.186.17.4 by as (envelope-from
<Ma...@ngutuz.postglacial.com>, uid 502) with qmail-scanner-1.25
 (spamassassin: 3.1.0.
 Clear:RC:0(206.186.17.4):SA:0(0.9/4.0):.
 Processed in 2.308117 secs); 03 Mar 2006 08:55:36 -0000
X-Spam-Status: No, hits=0.9 required=4.0
Received: from bserv-mail.bserv.com (HELO bserv.com) (206.186.17.4)
  by as.bserv.com with SMTP; 3 Mar 2006 08:55:33 -0000
Received: (qmail 14579 invoked by uid 2372); 3 Mar 2006 08:55:33 -0000
Delivered-To: erussell@bserv.com
Received: (qmail 14574 invoked from network); 3 Mar 2006 08:55:32 -0000
Received: from as2.bserv.com (206.186.14.10)
  by bserv.com with SMTP; 3 Mar 2006 08:55:32 -0000
Received: (qmail 29390 invoked by alias); 3 Mar 2006 08:55:32 -0000
Delivered-To: alias-bservcom-erussell@bserv.com
Received: (qmail 29383 invoked by uid 509); 3 Mar 2006 08:55:32 -0000
Received: from 199.232.32.84 by as2 (envelope-from
<Ma...@ngutuz.postglacial.com>, uid 503) with qmail-scanner-1.25
 (spamassassin: 3.1.0.
 Clear:RC:0(199.232.32.84):SA:0(3.9/4.0):.
 Processed in 9.602814 secs); 03 Mar 2006 08:55:32 -0000
X-Qmail-Scanner-MOVED-X-Spam-Status: No, hits=3.9 required=4.0
X-Spam-Level: +++
Received: from srv-32-84.ecboline.com (199.232.32.84)
  by as2.bserv.com with SMTP; 3 Mar 2006 08:55:20 -0000
From: "Ebay Gift Support" <Ma...@ngutuz.postglacial.com>
To: erussell@bserv.com <er...@bserv.com>
Subject: Ebay Customer #29-814
Date: Fri, 03 Mar 2006 00:57:48 -0800
MIME-Version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: 7bit
Message-Id: <09...@ngutuz.postglacial.com>
X-SLUIDL: D2E4A162-7ED44B20-A212D92D-8BF31256


Are there any particular rules I can tweak to block these buggers?

Ed



---------------------------------------------------

 Talk is cheap since supply always exceeds demand.

---------------------------------------------------
 


Re: Particular type of Spam getting through

Posted by Loren Wilton <lw...@earthlink.net>.
Some SARE rules might help.  That looks like it might fail the ebay phish
rules.  Don't know that that in particular would help all of them, but that
sort of thing might help some.

        Loren
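A local rule set for the pattern asked about above, as an added example that is not part of the thread and is not taken from SARE. The rule names and scores are hypothetical; the sample already scored 3.9 of the required 4.0 at the first scanner, so a small extra score is enough to tip it over.

```conf
# local.cf additions (added example; rule names and scores are hypothetical)

# Subject shaped like "<one to three words> Viewer|Member|Customer #<id>",
# e.g. the three subjects quoted in the original post.
# '#' starts a comment in SpamAssassin config files, so it must be
# written as \# inside the regex.
header   __LOCAL_SUBJ_BRAND_ID   Subject =~ /^(?:\w+ ){1,3}(?:Viewer|Member|Customer) \#[0-9][0-9a-z-]*$/i

# Display name claims to be eBay ...
header   __LOCAL_FROM_NAME_EBAY  From:name =~ /\bebay\b/i
# ... and this sub-rule is true only when the address really is at ebay.com
# ('@' is escaped so Perl does not treat it as an array sigil).
header   __LOCAL_FROM_ADDR_EBAY  From:addr =~ /[\@.]ebay\.com$/i

# Scored rule 1: the subject pattern on its own (kept low, it is only a shape).
meta     LOCAL_SUBJ_BRAND_ID     __LOCAL_SUBJ_BRAND_ID
describe LOCAL_SUBJ_BRAND_ID     Subject is brand name + Viewer/Member/Customer + id
score    LOCAL_SUBJ_BRAND_ID     1.0

# Scored rule 2: eBay in the display name but a non-eBay sender address,
# as in: From: "Ebay Gift Support" <...@ngutuz.postglacial.com>
meta     LOCAL_EBAY_NAME_ONLY    (__LOCAL_FROM_NAME_EBAY && !__LOCAL_FROM_ADDR_EBAY)
describe LOCAL_EBAY_NAME_ONLY    From name says eBay, From address is not ebay.com
score    LOCAL_EBAY_NAME_ONLY    2.0
```

Run `spamassassin --lint` after editing to catch syntax errors, and check the rules against saved ham before raising the scores.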


Re: Particular type of Spam getting through

Posted by Stuart Johnston <st...@ebby.com>.
It is generally more useful to provide the entire message.  Either 
attach it to a message or put it on the web.  pastebin.com or similar 
can be helpful.

