> I've recently implemented relaycountry and seen 90%+
> improvement in our ability to trap spam but there is one
> email which seems capable of avoiding getting parsed by
> spamd.
>
> All other messages get the x-spam headers added
> successfully but this one for some reason completely
> slips through without any such headers. It carries a
> trojan too, which is odd because clamav should pick that
> up. clamd is updated daily.
>
> The headers of the strange spam are:
>
> Return-path: <banach...@royalkoas.com>
> Envelope-to: u...@host.co.uk
> Delivery-date: Fri, 24 Jul 2009 11:12:38 +0800
> Received: from [190.144.0.42] (helo=CWXNQKBTZ)
>     by s1.host.info with esmtp (Exim 4.67)
>     (envelope-from <banach...@royalkoas.com>)
>     id 1MUBD2-0002wE-2i
>     for u...@host.co.uk; Fri, 24 Jul 2009 11:12:38
> +0800
> Received: from 190.144.0.42 by red3.redtong.com; Thu, 23
> Jul 2009 22:24:55 -0500
> Message-ID: <000d01ca0c0e$50804720$6400a...@banacha55>
> From: <u...@host.co.uk>
> To: u...@host.co.uk
> Subject: You have received an eCard
> Date: Thu, 23 Jul 2009 22:24:55 -0500
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>     boundary="----=_NextPart_000_0006_01CA0C0E.50804720"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.2180
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>
> The above email contained a .zip file.
>
> This was not random, as I've received three similar
> emails this morning and none of them have x-spam headers
> all other emails are fine.

It apparently was never seen by SpamAssassin, if there were no X-Spam-* headers. How do you call SpamAssassin? Any whitelisting there? Do you call SpamAssassin for your own mail? It seems the sender address is the same as the receiver address. Whitelisted somehow, and maybe not inspected by SpamAssassin?
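
Added example, not part of the original thread: a small Python triage check for delivered mail that flags the three conditions discussed above (no X-Spam-* headers at all, header From equal to To, and an envelope sender that differs from the header From). The sample messages and their example addresses are constructed, and the finding names are hypothetical labels chosen for this sketch.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread; the
# addresses are placeholders, not the redacted ones from the original post.
SAMPLE_UNSCANNED = """\
Return-path: <sender@spammer.example>
Envelope-to: user@host.example
From: <user@host.example>
To: user@host.example
Subject: You have received an eCard
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/zip; name="ecard.zip"

--b1--
"""

# Same message as it would look if a scanner had added its header (constructed).
SAMPLE_SCANNED = SAMPLE_UNSCANNED.replace(
    "Subject:", "X-Spam-Status: Yes, score=12.3\nSubject:", 1)


def _addr(value):
    """Return the bare, lower-cased address from a header value."""
    return parseaddr(value or "")[1].lower()


def triage(raw):
    """Return a list of findings (hypothetical labels) for one message."""
    msg = message_from_string(raw)
    findings = []
    # No X-Spam-* header at all means the scanner never saw the message.
    if not any(name.lower().startswith("x-spam-") for name in msg.keys()):
        findings.append("no-x-spam-headers")
    from_addr, to_addr = _addr(msg["From"]), _addr(msg["To"])
    # Self-addressed mail may match a whitelist or "own mail" bypass rule.
    if from_addr and from_addr == to_addr:
        findings.append("from-equals-to")
    env_from = _addr(msg["Return-path"])
    if env_from and from_addr and env_from != from_addr:
        findings.append("envelope-sender-differs-from-header-from")
    return findings


if __name__ == "__main__":
    for label, raw in (("unscanned", SAMPLE_UNSCANNED),
                       ("scanned", SAMPLE_SCANNED)):
        print(label, triage(raw))
```

A message that reports both `no-x-spam-headers` and `from-equals-to` is the case to compare against the MTA's scanning conditions and any whitelist entries.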