How is the email getting into your server?  The only received header is localhost...

Received: from localhost (localhost [127.0.0.1])
    by heap.pbp.net (Postfix) with ESMTP id 27604E44DB
    for <remo...@pbp.net>; Thu, 23 Feb 2012 10:45:25 -0600 (CST)

Testing the timeshare email, I got:

Content analysis details:   (6.3 points, 6.5 required)

 1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
                            [URIs: administerphotograph.com]
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)

Regards,
KAM



On 2/23/2012 12:10 PM, Jonathan Nichols wrote:
Two examples from the past half hour alone:

http://pastebin.com/SraBrj7r

http://pastebin.com/PRspRuLS

I'm getting flooded with spam these days. Bayes is on, I'm using the built-in RBLs, hostkarma, mailspike, BRBL, botnet & freemail plugin, pyzor, razor.. and things are still sailing right through with low scores. 

I have cron updating rules twice a day. (Is this too often?)

SA 3.3.1 w/Amavis (Ubuntu packages)

Some of the stuff coming through seems to be images for legit products, but very spammy URLs in them. Many of them have a grey image with some remove mailbox. Pretty much all of them have remove links that will accept any garbled email address you feed it.

Anything that I've been missing? 

cheers, 
--
j


--
Kevin A. McGrail
President

Peregrine Computer Consultants Corporation
3927 Old Lee Highway, Suite 102-C
Fairfax, VA 22030-2422

http://www.pccc.com/

703-359-9700 x50 / 800-823-8402 (Toll-Free)
703-359-8451 (fax)
kmcgr...@pccc.com
