1. Considered spam by SA but subject not altered because of two 'subject:' fields:
Microsoft Mail
Internet Headers Version 2.0
thread-index: AcM4I/aNXM78fdr8S76EyIBRhpBXSw==
Content-Type: text/html;
charset="iso-8859-1"
Received: from mail.<my_domain>.com ([192.168.0.3]) by smtp.<my_domain>.com with Microsoft SMTPSVC(5.0.2195.5329); Sat, 21 Jun 2003 19:36:00 +0100
Received: from milhouse.nildram.co.uk (milhouse.nildram.co.uk [195.112.4.6]) by mail.<my_machine>.com (8.12.8/8.12.8) with ESMTP id h5LIa99v006879 for <mail@<my_domain>.co.uk>; Sat, 21 Jun 2003 19:36:10 +0100
Content-Transfer-Encoding: 7bit
Received: from gavr.cmm.msu.su (gavr.cmm.msu.su [195.208.219.120]) by milhouse.nildram.co.uk (8.12.8/8.12.8) with SMTP id h5LIZktQ043217 for <mail@<my_domain>.co.uk>; Sat, 21 Jun 2003 19:35:48 +0100 (BST)
Received: from b1k.9a7owb.net [41.195.164.92] by gavr.cmm.msu.su with ESMTP id 5815C2FE43A; Sat, 21 Jun 2003 15:35:59 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "S. Holland" <[EMAIL PROTECTED]>
To: <mail@<my_domain>.co.uk>
Subject: *****SPAM*****
Subject:
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Date: Sat, 21 Jun 03 15:35:59 GMT
X-Mailer: The Bat! (v1.52f) Business
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=12.9 required=7.0 tests=FORGED_MUA_THEBAT,HTML_60_70,HTML_FONT_BIG, HTML_FONT_COLOR_RED,HTML_FONT_FACE_ODD,HTML_IMAGE_ONLY_02, HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MIME_HTML_NO_CHARSET, MIME_HTML_ONLY,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_UNCONFIRMED_DSBL autolearn=spam version=2.55-jdk.2.8.2
X-Spam-Report: ---- Start SpamAssassin results 12.90 points, 7 required; * 0.5 -- BODY: Message is 60% to 70% HTML * 0.3 -- BODY: HTML font face is not a commonly used face * 0.1 -- BODY: HTML font color is red * 0.1 -- BODY: HTML has unbalanced "body" tags * 0.1 -- BODY: HTML included in message * 0.3 -- BODY: FONT Size +2 and up or 3 and up * 2.5 -- BODY: HTML has images with 0-200 bytes of words * 0.8 -- RAW: Message text in HTML without specified charset * 0.5 -- RBL: Received via a relay in unconfirmed.dsbl.org [RBL check: found 120.219.208.195.unconfirmed.dsbl.org.] * 3.0 -- RBL: Received via a relay in bl.spamcop.net [RBL check: found 120.219.208.195.bl.spamcop.net.] * 0.5 -- Message has X-MSMail-Priority, but no X-MimeOLE * 0.1 -- Message only has text/html MIME parts * 3.5 -- Forged mail pretending to be from The Bat! * 0.6 -- Message looks like Outlook, but isn't ---- End of SpamAssassin results
X-Spam-Level: ************
X-Spam-Checker-Version: SpamAssassin 2.55-jdk.2.8.2 (1.174.2.19-2003-05-19-exp)
Return-Path: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 21 Jun 2003 18:36:00.0691 (UTC) FILETIME=[F67D1830:01C33823]
and, 2. A half-dozen spam (and only spam) messages delivered directly to my Exchange box; thereby avoiding SA totally.
I have primary MX records pointing to an RH9 box (mail.mydomain) which relays most mail on to an Exchange box. But because Linux/SA is on a 'desktop' machine I also have a 2nd MX pointing directly at the Exchange box - smtp.mydomain (in case I've broken the SA box), and a third MX record pointing to my ISP for those times when I've broken everything.
The SA box is up and available at these times but the spam still goes directly to my secondary MX record. It is not, in any way, overloaded.
e.g.
Microsoft Mail
Internet Headers Version 2.0
thread-index: AcM/ClO82zRXFQkgTkegpoSCI6OSIA==
Content-Type: text/html;
charset="iso-8859-1"
Received: from mach.ddisp.net ([63.64.70.4]) by smtp.<my_domain>.com with Microsoft SMTPSVC(5.0.2195.5329); Mon, 30 Jun 2003 14:20:06 +0100
Content-Transfer-Encoding: 7bit
Received: from s19.svtl.net [87.60.240.76] by mach.ddisp.net id 68bSYvSz4IVe; Mon, 30 Jun 2003 09:18:09 -0500
Message-ID: <[EMAIL PROTECTED]>
From: "Luther Cunningham" <[EMAIL PROTECTED]>
To: <mail@<my_domain>.co.uk>
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
Subject: Advance on the job with our college graduation program m kjqlf mvbn gx ho
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Date: Mon, 30 Jun 03 09:18:09 GMT
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 30 Jun 2003 13:20:07.0686 (UTC) FILETIME=[5355CA60:01C33F0A]
Is this (or are these) a standard technique(s)?
Cheers
John
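
The two symptoms in the post above can be checked mechanically on the final mailbox server. The following is an added example, not part of the original post or of SpamAssassin: it flags header fields that occur more than once and reports whether the last hop came from the filtering relay. The sample messages are constructed from the post's header dumps, with example.com as a stand-in for the redacted domain and the function names chosen here.

```python
import email
import re

FILTER_IP = "192.168.0.3"   # SpamAssassin relay's address as logged by Exchange in the post
SINGLETONS = ("Subject", "From", "To", "Date", "Message-ID")  # RFC 2822: at most one each

# Constructed samples trimmed from the post's two dumps; example.com replaces the redacted domain.
VIA_FILTER = (
    "Received: from mail.example.com ([192.168.0.3]) by smtp.example.com"
    " with Microsoft SMTPSVC(5.0.2195.5329); Sat, 21 Jun 2003 19:36:00 +0100\n"
    "Received: from milhouse.nildram.co.uk (milhouse.nildram.co.uk [195.112.4.6])"
    " by mail.example.com (8.12.8/8.12.8) with ESMTP; Sat, 21 Jun 2003 19:36:10 +0100\n"
    "Subject: *****SPAM*****\n"
    "Subject:\n"
    "X-Spam-Flag: YES\n"
    "\n"
    "body\n"
)
DIRECT_TO_BACKUP_MX = (
    "Received: from mach.ddisp.net ([63.64.70.4]) by smtp.example.com"
    " with Microsoft SMTPSVC(5.0.2195.5329); Mon, 30 Jun 2003 14:20:06 +0100\n"
    "Received: from s19.svtl.net [87.60.240.76] by mach.ddisp.net"
    " id 68bSYvSz4IVe; Mon, 30 Jun 2003 09:18:09 -0500\n"
    "Subject: Advance on the job with our college graduation program\n"
    "\n"
    "body\n"
)

def duplicated_singletons(msg):
    """Header fields that may appear once but occur several times."""
    return {h: msg.get_all(h) for h in SINGLETONS if len(msg.get_all(h, [])) > 1}

def last_hop_ip(msg):
    """Peer IP recorded by our own final server in the top-most Received line.
    Lower Received lines are written by other hosts and are not trusted."""
    received = msg.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return m.group(1) if m else None

def triage(raw, filter_ip=FILTER_IP):
    msg = email.message_from_string(raw)
    return {
        "duplicate_headers": duplicated_singletons(msg),
        "peer_ip": last_hop_ip(msg),
        "bypassed_filter": last_hop_ip(msg) != filter_ip,
    }

if __name__ == "__main__":
    print(triage(VIA_FILTER), triage(DIRECT_TO_BACKUP_MX))
```

A message for which `bypassed_filter` is true reached the mailbox server without passing through the scanning relay, which is the case for anything delivered to a backup MX that does no filtering of its own.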