You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Lars Ebeling <la...@leopg9.no-ip.org> on 2009/10/21 17:40:07 UTC
Mail not scanned
Why aren't mail from "United Parcel Service" scanned?
The last 24 hours have i got about 20 of them and none scanned.
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"I am not young enough to know everything."
-- Oscar Wilde
Re: Mail not scanned
Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Wed, 2009-10-21 at 17:40 +0200, Lars Ebeling wrote:
> Why aren't mail from "United Parcel Service" scanned?
>
> The last 24 hours have i got about 20 of them and none scanned.
>
>
check the size of the messages, see if the embedded images make it
larger than your cutoff...
But a pastebin example would be helpful in any case, plus your
environment. Don't you run HPUX or something like that?
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
Re: Mail not scanned
Posted by Jari Fredriksson <ja...@iki.fi>.
21.10.2009 18:40, Lars Ebeling kirjoitti:
> Why aren't mail from "United Parcel Service" scanned?
>
> The last 24 hours have i got about 20 of them and none scanned.
>
>
Those are not scanned in *my* system just because they are scanned by
amavisd-new before they will be scanned by SA. As they contain malware,
amavisd quarantines them, and they never get examined by SA.
It all depends on your setup.
--
http://www.iki.fi/jarif/
Q: Minnesotans ask, "Why aren't there more pharmacists from Alabama?"
A: Easy. It's because they can't figure out how to get the little
bottles into the typewriter.
Re: Mail not scanned
Posted by Lars Ebeling <la...@leopg9.no-ip.org>.
From: "Ralf Hildebrandt" <Ra...@charite.de>
To: <us...@spamassassin.apache.org>
Sent: Wednesday, October 21, 2009 5:59 PM
Subject: Re: Mail not scanned
>* Lars Ebeling <la...@leopg9.no-ip.org>:
>> Why aren't mail from "United Parcel Service" scanned?
>
> What makes you think so?
Since I don't get any :
X-Spam-Virus: No
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on leopg9.no-ip.org
X-Spam-Level:
X-Spam-Status: No, score=-5.6
In the headers
>
>> The last 24 hours have i got about 20 of them and none scanned.
>
> Maybe they got scanned and just went through.
> Scanned for what, anyway?
>
> --
> Ralf Hildebrandt
> Geschäftsbereich IT | Abteilung Netzwerk
> Charité - Universitätsmedizin Berlin
> Campus Benjamin Franklin
> Hindenburgdamm 30 | D-12203 Berlin
> Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
> ralf.hildebrandt@charite.de | http://www.charite.de
>
>
Re: Mail not scanned
Posted by Ralf Hildebrandt <Ra...@charite.de>.
* Lars Ebeling <la...@leopg9.no-ip.org>:
> Why aren't mail from "United Parcel Service" scanned?
What makes you think so?
> The last 24 hours have i got about 20 of them and none scanned.
Maybe they got scanned and just went through.
Scanned for what, anyway?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt@charite.de | http://www.charite.de
Re: Mail not scanned
Posted by Lars Ebeling <la...@leopg9.no-ip.org>.
----- Original Message -----
From: "Daniel J McDonald" <da...@austinenergy.com>
To: <us...@spamassassin.apache.org>
Sent: Wednesday, October 21, 2009 9:21 PM
Subject: Re: Mail not scanned
> On Wed, 2009-10-21 at 18:59 +0200, Lars Ebeling wrote:
>> I am running SA 3.2.5 on HP-UX 11.11. I am using postfix as MTA.
>>
>> http://pastebin.com/m612529a7
>>
>> The interface is configured in master.cf
>
>
> It's 42K, so check that you don't have a size limit.
>
where is this configured?
regards
Lars
Re: Mail not scanned
Posted by Daniel J McDonald <da...@austinenergy.com>.
On Wed, 2009-10-21 at 18:59 +0200, Lars Ebeling wrote:
> I am running SA 3.2.5 on HP-UX 11.11. I am using postfix as MTA.
>
> http://pastebin.com/m612529a7
>
> The interface is configured in master.cf
It's 42K, so check that you don't have a size limit.
When I scan it I get:
X-Spam-Report:
* 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?75.209.5.48>]
* 0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [75.209.5.48 listed in zen.spamhaus.org]
* 2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* 2.0 RCVD_IN_BRBL_RELAY RBL: received via a relay rated as poor by
* Barracuda
* [75.209.5.48 listed in b.barracudacentral.org]
* 4.2 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
* IP)
* 3.7 FH_HELO_ALMOST_IP Helo is almost an IP addr.
* 0.0 RELAY_US Relayed through United States
* 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 1.3 RAZOR2_CF_RANGE_E4_100 Razor2 gives engine 4 confidence level of
* 100%
* [cf: 100]
* 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
* above 50%
* [cf: 100]
* 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
* [cf: 100]
* 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
* dynamic-looking rDNS
* 1.5 JM_SOUGHT_3 Body contains frequently-spammed text patterns
* 0.5 BOTNET_OTHER BOTNET_OTHER
And it also is caught by clamav:
$ clamscan lars.vir
lars.vir: Sanesecurity.Malware.8825.UNOFFICIAL FOUND
>
>
> Regards
>
> Lars
>
> ----- Original Message -----
> From: "Kevin Parris" <KP...@ed.sc.gov>
> To: <us...@spamassassin.apache.org>
> Sent: Wednesday, October 21, 2009 5:46 PM
> Subject: Re: Mail not scanned
>
>
> In this situation I believe Spock would say "Insufficient Data" . . .
>
> What o/s are you running? What is your mail handling software? How does
> that mail handling software interface to SpamAssassin? Are you sure the
> items were not scanned, or are you simply bothered that they were not marked
> as spam by the scan? Have you placed a complete sample with all headers on
> pastebin and given us the link to that so we can evaluate the message?
>
> >>> "Lars Ebeling" <la...@leopg9.no-ip.org> 10/21/09 11:40 AM >>>
> Why aren't mail from "United Parcel Service" scanned?
>
> The last 24 hours have i got about 20 of them and none scanned.
>
>
Re: Mail not scanned
Posted by Lars Ebeling <la...@leopg9.no-ip.org>.
I am running SA 3.2.5 on HP-UX 11.11. I am using postfix as MTA.
http://pastebin.com/m612529a7
The interface is configured in master.cf
Regards
Lars
----- Original Message -----
From: "Kevin Parris" <KP...@ed.sc.gov>
To: <us...@spamassassin.apache.org>
Sent: Wednesday, October 21, 2009 5:46 PM
Subject: Re: Mail not scanned
In this situation I believe Spock would say "Insufficient Data" . . .
What o/s are you running? What is your mail handling software? How does
that mail handling software interface to SpamAssassin? Are you sure the
items were not scanned, or are you simply bothered that they were not marked
as spam by the scan? Have you placed a complete sample with all headers on
pastebin and given us the link to that so we can evaluate the message?
>>> "Lars Ebeling" <la...@leopg9.no-ip.org> 10/21/09 11:40 AM >>>
Why aren't mail from "United Parcel Service" scanned?
The last 24 hours have i got about 20 of them and none scanned.
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"I am not young enough to know everything."
-- Oscar Wilde
Re: Mail not scanned
Posted by Kevin Parris <KP...@ed.sc.gov>.
In this situation I believe Spock would say "Insufficient Data" . . .
What o/s are you running? What is your mail handling software? How does that mail handling software interface to SpamAssassin? Are you sure the items were not scanned, or are you simply bothered that they were not marked as spam by the scan? Have you placed a complete sample with all headers on pastebin and given us the link to that so we can evaluate the message?
>>> "Lars Ebeling" <la...@leopg9.no-ip.org> 10/21/09 11:40 AM >>>
Why aren't mail from "United Parcel Service" scanned?
The last 24 hours have i got about 20 of them and none scanned.
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"I am not young enough to know everything."
-- Oscar Wilde