I was surprised that this sequence of headers didn't trip any SA rule:

From: [EMAIL PROTECTED]
Received: from www.MailServer.com ([218.104.132.224])
          by ns1.sodaware.com (8.9.3/8.9.3) with SMTP id UAA04387;
          Wed, 29 May 2002 20:26:32 -0700
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: HS2S1

There were no other Received: headers.  I've just been taking a quick
glance through my mail, and I can't find any non-spam message where any
Received: header(s) appear after the From:.  (That doesn't mean there
have never been any, just none in my existing mail.)

I also would have expected one of the MSGID_ADDED_BY_MTA rules to trip
on this one, as clearly there was no Message-Id before the local sendmail
got the message.

Finally, that same spam had a 191KB JPG attachment (gaah) that was labeled
application/octet-stream.  I know there are a number of UAs that tag any
file they don't recognize as octet-stream, but most MUAs know about the
obvious image types -- mislabeling an image would seem to be a good spam
(or virus) indicator.


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
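
Added example (not part of the original post and not SpamAssassin's own rule code): a Python sketch of two checks the message describes, a Received: header appearing below From:, and an attachment whose bytes are an image while its label is something else. The addresses, the Message-Id and the tiny JPEG-magic attachment in SAMPLE are constructed, and the function names are hypothetical.

```python
import email
from email import policy

# Constructed sample: header order as quoted in the post; addresses,
# Message-Id and the 22-byte JPEG-magic attachment are made up.
SAMPLE = (
    b"From: sender@example.invalid\r\n"
    b"Received: from www.MailServer.com ([218.104.132.224])\r\n"
    b"          by ns1.sodaware.com (8.9.3/8.9.3) with SMTP id UAA04387;\r\n"
    b"          Wed, 29 May 2002 20:26:32 -0700\r\n"
    b"Message-Id: <constructed@example.invalid>\r\n"
    b"To: rcpt@example.invalid\r\n"
    b"Subject: HS2S1\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: application/octet-stream; name=\"a.jpg\"\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"/9j/4AAQSkZJRgABAQAAAQABAAD/2Q==\r\n"
)

# Leading bytes of the obvious image types.
MAGIC = {b"\xff\xd8\xff": "image/jpeg", b"\x89PNG\r\n\x1a\n": "image/png",
         b"GIF87a": "image/gif", b"GIF89a": "image/gif"}

def received_after_from(msg):
    """True if any Received: header sits below From: in the header block."""
    names = [k.lower() for k in msg.keys()]  # keys() keeps on-the-wire order
    if "from" not in names:
        return False
    return "received" in names[names.index("from") + 1:]

def mislabeled_images(msg):
    """List (declared, sniffed) for parts that are images but not labeled so."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        sniffed = next((t for m, t in MAGIC.items() if data.startswith(m)), None)
        if sniffed and part.get_content_type() != sniffed:
            hits.append((part.get_content_type(), sniffed))
    return hits

def check(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {"received_after_from": received_after_from(msg),
            "mislabeled_images": mislabeled_images(msg)}

if __name__ == "__main__":
    print(check(SAMPLE))
```
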