You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Alan Fullmer <li...@xnote.com> on 2005/06/06 15:51:31 UTC
* SPAM * Xnote.com considers this message as SPAM *** RE: Message that conitinually gets bypassed
Spam detection software, running on the system "vibe.xnote.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Here you go, attached are two. Keep in mind, if I were
to forward this mail to myself, it would get flagged. It just seems to
be getting by when they send it.
Content analysis details: (9.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.7 MSGID_FROM_MTA_ID Message-Id for external message added locally
0.4 SARE_HOMELOAN BODY: Home mortgage stuff
1.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
[cf: 100]
0.0 HTML_90_100 BODY: Message is 90% to 100% HTML
1.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[67.108.238.3 listed in sbl-xbl.spamhaus.org]
0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URIs: mrratenow.com droppedr8z.com]
1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: mrratenow.com droppedr8z.com]
3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: mrratenow.com droppedr8z.com]
4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: droppedr8z.com]
-7.3 AWL AWL: From: address is in the auto white-list
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
Re[2]: Message that conitinually gets bypassed
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Alan,
Monday, June 6, 2005, 6:51:31 AM, you wrote:
AF> Here you go, attached are two.
AF> Keep in mind, if I were to forward this mail to myself, it would get
AF> flagged. It just seems to be getting by when they send it.
In the copies you attached, there are no Received headers.
> From: "George" <xd...@morin.at>
> To: "Mark Stringer" <ms...@accessdata.com>
> Subject: Attention
> Date: Sun, 5 Jun 2005 16:06:14 -0600
> Message-ID: <20...@buh.accessdata.com>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_0073_01C56A6C.8E2E5320"
> X-Mailer: Microsoft Office Outlook, Build 11.0.5510
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> Thread-Index: AcT9+CUlRgRKMiKZSj+BjT+PHEf8rQ==
>
> Dear Homeowner,
That strongly implies that the message somehow bypassed all email
systems, including yours any any others. It's as if the system which
created the spam dumped it directly onto your system, without going
through any email system. Therefore SA didn't see it, because SA is
normally called by email systems to check the emails.
If you can figure out why this email reached you without any received
headers, then you're well on the way to solving this problem.
Bob Menschel
AF> -----Original Message-----
AF> From: Robert Menschel [mailto:Robert@Menschel.net]
AF> Sent: Thursday, May 26, 2005 6:53 PM
AF> To: Alan Fullmer
AF> Cc: users@spamassassin.apache.org
AF> Subject: Re: Message that conitinually gets bypassed
AF> Hello Alan,
AF> Thursday, May 26, 2005, 9:20:51 AM, you wrote:
AF>> I have this message that continually gets by Spam Assassin. The headers
AF>> have no indication that SA has even touched it. I will post the
AF> headers
AF>> below, as well as the message.
AF> Unfortunately, you posted the text, and you posted the headers, but
AF> you didn't post the message. Your text says,
>> visit our Website
AF> and there's no link anywhere for the sucker to use. We are missing
AF> some very important information, and can't debug your problem properly
AF> without it.
AF> If you had sent the message as a message, attached (forward as
AF> attachment), I'd be able to save your message to my system, run SA
AF> against them, and do an analysis. I can't do that the way you cut and
AF> pasted the message.
AF> See the just updated
AF> http://wiki.apache.org/spamassassin/DoYouWantMySpam for some other
AF> ideas.
AF> Bob Menschel
--
Best regards,
Robert mailto:Robert@Menschel.net