Spammers Circumventing Anti-Spam

Discussions on webmail and the Professional version.

Post by dbly » Fri Nov 06, 2015 9:29 pm

Has anybody else noticed spammers circumventing MailEnable's anti-spam?

We are running MailEnable Pro version 9, with SpamAssassin integration.

We've been getting the occasional messages from addresses like FOX|NEWS@whatever, and even though SpamAssassin correctly sees them as spam, they are still being delivered to the inbox.

The MTAFILTER log shows the headers being added:

11/06/15 13:16:29	Executed	592C7618082E459BB172BB545FD644F9.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:FOX|NEWS@alret-usa-news.co.in]	104.223.4.218	High (960)	RE:Bill OReilly Report -Reports Obama's Second term in Jeopardy...
11/06/15 13:16:29	Executed	592C7618082E459BB172BB545FD644F9.MAI	SMTP	SpamAssassin	ADD_HEADER,ADD_HEADER		[SMTP:FOX|NEWS@alret-usa-news.co.in]	104.223.4.218	CRITERIA=SPAMASSASSIN, DATA=<PASS>1</PASS>	RE:Bill OReilly Report -Reports Obama's Second term in Jeopardy...

The MTA log shows them being queued:

11/06/15 13:16:29	ME-MTA-ROUTE [592C7618082E459BB172BB545FD644F9.MAI] from [SMTP] Connector queued to [SF] Connector as [AEE15C0D34554B25B42108CD7F2BE243.MAI]

Yet the POC log shows them going into the inbox:

11/06/15 13:16:29	[AEE15C0D34554B25B42108CD7F2BE243.MAI] Delivered message from [SMTP:FOX|NEWS@alret-usa-news.co.in] to PO=######.com MBX=###### FLD=\Inbox

When I inspect the message in the inbox, it DOES include the headers:

X-SA-SPAM: True
X-ME-Content: Deliver-To=Junk

All of the other SpamAssassin-detected messages are being delivered to the junk folder. The ONLY instances we can find where they are not seem to be messages with the piping symbol | in the from address. My theory is that this character is fouling the test.

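One way to check the theory in the post above against the three logs, as an added example that is not part of the original post or MailEnable's own tooling: it follows each SpamAssassin-flagged message ID through the MTA re-queue to the POC delivery and lists those that still landed in \Inbox, together with any unusual characters in the sender's local part. The sample lines are constructed; the junk folder name and the reading of an Executed/ADD_HEADER entry as "flagged" are assumptions.

```python
import re

ID = r"([0-9A-F]{32}\.MAI)"
FILTER = re.compile(r"Executed\t" + ID + r"\tSMTP\tSpamAssassin\tADD_HEADER.*?\[SMTP:[^\]]+\]")
ROUTE = re.compile(r"ME-MTA-ROUTE \[" + ID + r"\] .* queued to .* as \[" + ID + r"\]")
POC = re.compile(r"\[" + ID + r"\] Delivered message from \[SMTP:([^\]]+)\] .*FLD=(.+)$")
USUAL = re.compile(r"[A-Za-z0-9._+-]")  # characters commonly seen in a local part


def flagged_but_in_inbox(filter_log, mta_log, poc_log):
    """Return [(sender, unusual local-part chars)] for flagged mail delivered to \\Inbox."""
    # Assumption: an Executed/ADD_HEADER entry for the SpamAssassin filter means "flagged".
    flagged = {m.group(1) for m in map(FILTER.search, filter_log) if m}
    for m in filter(None, map(ROUTE.search, mta_log)):
        if m.group(1) in flagged:  # the MTA re-queues the message under a new ID
            flagged.add(m.group(2))
    hits = []
    for m in filter(None, map(POC.search, poc_log)):
        msg_id, sender, folder = m.groups()
        if msg_id in flagged and folder.strip().lower() == r"\inbox":
            local = sender.rsplit("@", 1)[0]
            hits.append((sender, "".join(sorted(set(USUAL.sub("", local))))))
    return hits


# Constructed sample lines in the layout of the post's logs; IDs, hosts and IPs are made up.
A1, A2, B1, B2, C1, C2 = ("%s%d.MAI" % (c * 31, n) for c in "ABC" for n in (1, 2))
TS = "11/06/15 13:16:29\t"
SA = "\tCRITERIA=SPAMASSASSIN, DATA=<PASS>1</PASS>\tRE:sample"
FILTER_LOG = [
    TS + f"Executed\t{A1}\tSMTP\tSpamAssassin\tADD_HEADER,ADD_HEADER\t\t[SMTP:FOX|NEWS@spam.example]\t192.0.2.10" + SA,
    TS + f"Executed\t{B1}\tSMTP\tSpamAssassin\tADD_HEADER,ADD_HEADER\t\t[SMTP:deals@shop.example]\t192.0.2.11" + SA,
]
MTA_LOG = [
    TS + f"ME-MTA-ROUTE [{old}] from [SMTP] Connector queued to [SF] Connector as [{new}]"
    for old, new in ((A1, A2), (B1, B2), (C1, C2))
]
POC_LOG = [
    TS + f"[{A2}] Delivered message from [SMTP:FOX|NEWS@spam.example] to PO=example.test MBX=user FLD=\\Inbox",
    # "\Junk E-mail" is an assumed junk folder name, not taken from the post.
    TS + f"[{B2}] Delivered message from [SMTP:deals@shop.example] to PO=example.test MBX=user FLD=\\Junk E-mail",
    TS + f"[{C2}] Delivered message from [SMTP:friend@mail.example] to PO=example.test MBX=user FLD=\\Inbox",
]

if __name__ == "__main__":
    for sender, odd in flagged_but_in_inbox(FILTER_LOG, MTA_LOG, POC_LOG):
        print(f"flagged but in Inbox: {sender} (unusual characters: {odd or 'none'})")
```

If every hit over a longer log window shares the same unusual character, that supports the sender-address theory; hits with no unusual characters point to a different cause.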