Hello. I've been running into a situation where a good amount of what seems like obvious spam has been reaching users' inboxes. Subject lines of "Try viagra completely free" are getting through without even being tagged with [BULK], and after looking at the MxScan logs, they are reporting a score of 0.
This is a pretty recent occurrence over the last few weeks and the content filters are on. I'm using MxScanME professional 1.8.202.0. Just wanted to check the boards to see if others have been affected, or whether it's just here. Thanks in advance.
MxScan filtering
Re: MxScan filtering
Hi Peter
Please post the message headers here so that I can see what tests you have.
If you are not already using the Sanesecurity Filter, please enable it now and do a manual update.
Thanks
MXSCAN :: AntiSpam & AntiVirus for MailEnable (now with Spamtrap/Honeypot!)
Built-in SpamAssassin, Clam, MessageSniffer, DNSBL, URLBL, DCC, Senderbase, SpamTrap, ShortCircuit, Content Filters, Disclaimers, Archiving and more.
Visit www.mxuptime.com
Thanks for your message. Let me know if you notice anything glaring...
-----------------
Received: from ([127.0.0.1]) with MailEnable ESMTP; Mon, 11 May 2009 10:34:09 -0400
Received: (from root@localhost) by mail4.carriescakes.com (8.11.3/8.11.3)
id k0V2OhN55666; Mon, 11 May 2009 15:38:35 +0000 (PDT envelope-from root)
Date: Mon, 11 May 2009 15:38:35 +0000
Message-Id: <58812859220833.bixrsaaIti@harvestman>
X-Mailer: phpmailer [version 1.41]
X-BeenThere: deemphasize@mailman.cartoonnetwork.com
X-Kaspersky: Checking
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: <EMAILADDRESS@DOMAIN.COM>
From: "Free Viagra Sample" <0ccny@pichicago.com>
Subject: Try Viagra completely free
X-MXScan-Scan: Scanned by MxScan 1.8.202.0 for MYMAIL
X-MXScan-Msgid: EC9803B118CE49668E2393AA5D978E37_
X-MXScan-Country-Sequence: Localhost->Destination
X-MXScan-AntiVirus: ClamAV 0.94.2/9347/Fri May 08 01:10:18 2009 [Clean]
X-MXScan-AntiSpam: CLAM_SANE [Pass], KEYWORD [Pass], RDNSBL [Pass], URLBL [Pass], SPAMASSASSIN [0], DCC_CHECK [NA], BACKSCATTER [Pass], SENDERBASE [NA]
X-MXScan-SpamScore: 0
X-MXScan-ProcessingTime: 0.437 sec(s)
X-ME-Bayesian: 0.000319
Return-Path: <0ccny@pichicago.com>
X-Read: 1
-----------------
Received: from ([127.0.0.1]) with MailEnable ESMTP; Mon, 11 May 2009 17:52:34 -0400
Received: (from root@localhost) by mail3.celebrity-babies.com (8.11.3/8.11.3)
id k0V2OhN98318; Mon, 11 May 2009 17:51:52 +0400 (PDT envelope-from root)
Date: Mon, 11 May 2009 17:51:52 +0400
Message-Id: <9331D895.131211.08545@PVTP>
X-Mailer: devMail.Net (3.2.2205.8930-2)
X-Server: High Performance Mail Server - http://surgemail.com rr=1936393
X-FID: 44E37DBC-2383-48AF-B2E6-46CDEA08DCB6
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: <EMAILADDRESS@DOMAIN.COM>
From: "Free Viagra & [SPAM]" <sinteger@engadget.com>
Subject: Make it happen in the bedroom
X-MXScan-Scan: Scanned by MxScan 1.8.202.0 for MYMAIL
X-MXScan-Msgid: AB2542BD51174256A86450C2A14D3997_
X-MXScan-Country-Sequence: Localhost->Destination
X-MXScan-AntiVirus: ClamAV 0.94.2/9351/Sun May 10 22:59:11 2009 [Clean]
X-MXScan-AntiSpam: CLAM_SANE [Pass], KEYWORD [IMPOTENCE(1)], RDNSBL [Pass], URLBL [Pass], SPAMASSASSIN [0], DCC_CHECK [NA], BACKSCATTER [Pass], SENDERBASE [NA]
X-MXScan-SpamScore: 1
X-MXScan-ProcessingTime: 0.281 sec(s)
X-ME-Bayesian: 0.000897
Return-Path: <sinteger@engadget.com>
Most of these will normally get caught by the RDNSBL tests. However, these appear to be originating from localhost ("Received: from ([127.0.0.1]) with MailEnable ESMTP;"), which would mean that the DNSBL tests do not get a chance to fire.
Do you have the option "Hide IP Address from Email headers" checked under your SMTP properties?
peteredd wrote: Thanks again. To answer your question, yes, and I do have it checked.
OK, that kind of answers it. Can you try unchecking that box and restarting the ME SMTP service if necessary? That should improve your catch rates. The actual IP address is required and is also used by a few of the filters.
Cheers
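An added example, not part of the original thread and not MxScan's own code: a small header audit for the condition diagnosed above, where the topmost Received header carries only the loopback address and so an RDNSBL "Pass" means nothing. It assumes the bracketed-IP Received format and the X-MXScan-AntiSpam layout shown in the quoted headers; the function names and the IP_TESTS set are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample: a trimmed copy of the first header set quoted in this thread.
SAMPLE = """\
Received: from ([127.0.0.1]) with MailEnable ESMTP; Mon, 11 May 2009 10:34:09 -0400
Received: (from root@localhost) by mail4.carriescakes.com (8.11.3/8.11.3)
\tid k0V2OhN55666; Mon, 11 May 2009 15:38:35 +0000
Subject: Try Viagra completely free
X-MXScan-AntiSpam: CLAM_SANE [Pass], KEYWORD [Pass], RDNSBL [Pass], URLBL [Pass], SPAMASSASSIN [0], DCC_CHECK [NA], BACKSCATTER [Pass], SENDERBASE [NA]
X-MXScan-SpamScore: 0

"""

# Assumption: only RDNSBL is listed because the thread names it as needing
# the connecting IP; add other IP-keyed tests if your setup has them.
IP_TESTS = {"RDNSBL"}


def connecting_ip(msg):
    """IP in the topmost Received header (stamped by the local MTA), or None."""
    received = msg.get_all("Received") or []
    match = re.search(r"\[([0-9A-Fa-f:.]+)\]", received[0]) if received else None
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def parse_tests(msg):
    """Turn 'NAME [result], NAME [result]' into {'NAME': 'result'}."""
    return dict(re.findall(r"(\w+) \[([^\]]*)\]", msg.get("X-MXScan-AntiSpam", "")))


def audit(raw_headers):
    """List IP-based test results that were produced without a real client IP."""
    msg = email.message_from_string(raw_headers)
    ip = connecting_ip(msg)
    if ip is not None and not ip.is_loopback:
        return []  # the filter saw a real connecting address
    tests = parse_tests(msg)
    return [f"{name} [{tests[name]}] ran without a usable client IP ({ip})"
            for name in sorted(IP_TESTS & tests.keys())]


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Running this over a sample of delivered mail before and after unchecking "Hide IP Address from Email headers" shows whether the scanner has started seeing real connecting addresses.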