Amavis is stamping it. The rest of the header info is below in the pastebin sample.
And just my luck.. *now* it's showing up in Razor and URIBL. Argh! It's as if spammers are using me as a crash test dummy this year. :/ On Feb 23, 2012, at 12:13 PM, Kevin A. McGrail wrote: > How is the email getting into your server? The only received header is > localhost... > > Received: from localhost (localhost [127.0.0.1]) > by heap.pbp.net (Postfix) with ESMTP id 27604E44DB > for <remo...@pbp.net>; Thu, 23 Feb 2012 10:45:25 -0600 (CST) > > testing the timeshare email, I got: > > Content analysis details: (6.3 points, 6.5 required) > > 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist > [URIs: administerphotograph.com] > -0.0 SPF_HELO_PASS SPF: HELO matches SPF record > 2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > above 50% > [cf: 100] > 0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > [cf: 100] > 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not > necessarily valid > 1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) > > Regards, > KAM > > > > On 2/23/2012 12:10 PM, Jonathan Nichols wrote: >> >> Two examples from the past half hour alone: >> >> http://pastebin.com/SraBrj7r >> >> http://pastebin.com/PRspRuLS >> >> I'm getting flooded with spam these days. Bayes is on, I'm using the >> built-in RBLs, hostkarma, mailspike, BRBL, botnet & freemail plugin, pyzor, >> razor.. and things are still sailing right through with low scores. >> >> I have cron updating rules twice a day. (Is this too often?) >> >> SA 3.3.1 w/Amavis (Ubuntu packages) >> >> Some of the stuff coming through seems to be images for legit products, but >> very spammy URLs in them. Many of them have a grey image with some remove >> mailbox. Pretty much all of them have remove links that will accept and >> garbled email address you feed it. >> >> Anything that I've been missing? >> >> cheers, >> -- >> j > > > -- > Kevin A. McGrail > President > Peregrine Computer Consultants Corporation > 3927 Old Lee Highway, Suite 102-C > Fairfax, VA 22030-2422 > > http://www.pccc.com/ > > 703-359-9700 x50 / 800-823-8402 (Toll-Free) > 703-359-8451 (fax) > kmcgr...@pccc.com > > > <pccc_logo.gif>
