Hi there I just had the following phishing attacks get through with scores in the 2s.
http://pastebin.com/4Yyc0m7j http://pastebin.com/R0XMM9Je Both are generated by different hacked websites - both from 41.184.112.222 Could X-EN-OrigIP: and X-PHP-Script: be added to X-Spam-Relays-External so as to pick up the originating IP? Rewriting that IP into a Received header pushed the score up by 10 points due to the RBLs it's in PS: pastebin.com picked both of these as SPAM - what are they doing right that SA isn't? ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
