Spam not checked at all

[Jan-Kaspar Münnich <li...@jan-muennich.de>]

Hello,

for the first time two weeks ago I received a kind of spam that SA doesn't check at all. Similar ist always the URL one-liner and a faked yahoo.com sender. If manually checked by SA, it gets score >40:

http://pastebin.com/4arTzeRu

Setup: Postfix 2.7.0 with spampd proxy.

Postfix seems to just don't send these mails to the proxy, without any warning in the logs. Unfortunately it's not really possible to run Postfix in debug mode, since the server has a througput of ~10.000 mails / day and I can't reproduce the problem. I'm sure that's not a kind of misconfiguration since the problem occurs only with exactly these mails.

Sorry if you think that's a Postfix issue, but I'm not yet sure. Maybe someone has an idea.

Jan-Kaspar

Re: Spam not checked at all

[Karsten Bräckelmann <gu...@rudersport.de>]

On Wed, 2010-05-26 at 16:05 +0200, Jan-Kaspar Münnich wrote:
> Setup: Postfix 2.7.0 with spampd proxy.
> 
> Postfix seems to just don't send these mails to the proxy, without any
> warning in the logs.

If, as you say, SA never gets these messages for scanning, it cannot be
a problem with SA or its configuration.

> Unfortunately it's not really possible to run Postfix in debug mode,
> since the server has a througput of ~10.000 mails / day and I can't
> reproduce the problem. I'm sure that's not a kind of misconfiguration
> since the problem occurs only with exactly these mails.
> 
> Sorry if you think that's a Postfix issue, but I'm not yet sure. Maybe
> someone has an idea.

You need to check your other tools in the chain. Since the samples are
rather similar, maybe there's some config that causes these to be exempt
from the spam check.

  guenther


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}