[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
spamassassin+sendmail+cyrus
From: |
None |
Subject: |
spamassassin+sendmail+cyrus |
Date: |
Wed, 11 Feb 2004 20:31:07 -0800 |
Spamassassin start as below
~~~~~~~~~~~~~~~~~~~~~~~~~~~
www# ps -ax | grep spam
19892 ?? Is 0:02.00 /usr/local/bin/perl -T -w /usr/local/bin/spamd -a -d
-r /var/run/spamd.pid -u nobody -D
19883 p0- S 0:00.01 /usr/local/sbin/spamass-milter -p
/var/run/spamass.sock -f -b address@hidden -i213..
www#
But spam is delivered to spam busket (address@hidden) and original rcpt.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LOGS
~~~~
www# cat /var/log/maillog | grep "18262]:"
Feb 11 19:51:41 www sendmail[18262]: NOQUEUE: connect from [61.37.176.39]
Feb 11 19:51:41 www sendmail[18262]: i1BGpfHk018262: Milter (spamassassin):
init success to negotiate
Feb 11 19:51:41 www sendmail[18262]: i1BGpfHk018262: Milter (drweb-filter):
init success to negotiate
Feb 11 19:51:41 www sendmail[18262]: i1BGpfHk018262: Milter: connect to filters
Feb 11 19:51:41 www sendmail[18262]: i1BGpfHk018262: milter=spamassassin,
action=connect, continue
Feb 11 19:51:41 www sendmail[18262]: i1BGpfHk018262: milter=spamassassin,
action=helo, continue
Feb 11 19:54:31 www sendmail[18262]: i1BGpfHk018262: Milter: senders:
<address@hidden>
Feb 11 19:54:31 www sendmail[18262]: i1BGpfHk018262: milter=spamassassin,
action=mail, continue
Feb 11 19:54:31 www sendmail[18262]: i1BGpfHk018262: milter=drweb-filter,
action=mail, continue
Feb 11 19:55:04 www sendmail[18262]: i1BGpfHk018262: Milter: rcpts:
<address@hidden>
Feb 11 19:55:04 www sendmail[18262]: i1BGpfHk018262: milter=spamassassin,
action=rcpt, continue
Feb 11 19:55:04 www sendmail[18262]: i1BGpfHk018262: milter=drweb-filter,
action=rcpt, continue
Feb 11 19:55:06 www sendmail[18262]: i1BGpfHk018262: from=<address@hidden>,
size=9458, class=0, nrcpts=1, msgid=<address@hidden>, bodytype=8BITMIME,
proto=SMTP, daemon=MTA, relay=[61.37.176.39]
Feb 11 19:55:06 www sendmail[18262]: i1BGpfHk018262: milter=spamassassin,
action=header, continue
Feb 11 19:55:06 www sendmail[18262]: i1BGpfHk018262: milter=spamassassin,
action=eoh, continue
Feb 11 19:55:06 www sendmail[18262]: i1BGpfHk018262: milter=spamassassin,
action=body, continue
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter add: header:
X-Spam-Flag: YES
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter add: header:
X-Spam-Status: Yes, hits=8.9 required=4.7
tests=DNS_FROM_RFCI_DSN,\n\tHEAD_ILLEGAL_CHARS,HTML_20_30,HTML_FONTCOLOR_UNKNOWN,\n\tHTML_FONT_FACE_BAD,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,\n\tRCVD_IN_RFCI
autolearn=no version=2.60
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter add: rcpt:
address@hidden
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter add: header:
X-Spam-Orig-To: <address@hidden>
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter delete: rcpt
<address@hidden>
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter add: header:
X-Spam-Report: \n\t* 0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is
unknown to us\n\t* 0.0 HTML_MESSAGE BODY: HTML included in message\n\t* 0.2
HTML_FONT_FACE_BAD BODY: HTML font face is not a word\n\t* 0.5 HTML_20_30
BODY: Message is 20% to 30% HTML\n\t* 0.1 MIME_HTML_ONLY BODY: Message only
has text/html MIME parts\n\t* 4.3 HEAD_ILLEGAL_CHARS Header contains too many
raw illegal characters\n\t* 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a
relay in bl.spamcop.net\n\t* [Blocked - see
<http://www.spamcop.net/bl.shtml?61.37.176.39>]\n\t* 1.4 DNS_FROM_RFCI_DSN
RBL: From: sender listed in dsn.rfc-ignorant.org\n\t* 0.1 RCVD_IN_RFCI RBL:
Sent via a relay in ipwhois.rfc-ignorant.org\n\t* [Inaccurate or missing
WHOIS data]
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter add: header:
X-Spam-Level: ********
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter add: header:
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
\n\twww.strs.ru
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter change: header
Subject: from =?windows-1251?Q?=c0=e2=f2=ee=ec=e0=f2=e8=e7=e0=f6=e8=ff
=e1=f3=f5=e3=e0=eb=f2=e5=f0=f1=ea=ee=e3=ee, =ed=e0=eb=ee=e3=ee=e2=ee=e3=ee
=e8?=\n\t=?windows-1251?Q? =f2=ee=f0=e3=ee=e2=ee-=f1=ea=eb=e0=e4=f1=ea=ee=e3=ee
=f3=f7=e5=f2=e0?= to *****SPAM*****
=?windows-1251?Q?=c0=e2=f2=ee=ec=e0=f2=e8=e7=e0=f6=e8=ff
=e1=f3=f5=e3=e0=eb=f2=e5=f0=f1=ea=ee=e3=ee, =ed=e0=eb=ee=e3=ee=e2=ee=e3=ee
=e8?= =?windows-1251?Q? =f2=ee=f0=e3=ee=e2=ee-=f1=ea=eb=e0=e4=f1=ea=ee=e3=ee
=f3=f7=e5=f2=e0?=
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: Milter message: body
replaced
Feb 11 19:55:12 www sendmail[18262]: i1BGpfHk018262: milter=drweb-filter,
action=header, continue
Feb 11 19:55:14 www sendmail[18262]: i1BGpfHk018262: milter=drweb-filter,
action=eoh, continue
Feb 11 19:55:14 www sendmail[18262]: i1BGpfHk018262: milter=drweb-filter,
action=body, continue
Feb 11 19:55:14 www drweb-smf: [i1BGpfHk018262]: processing message from
<address@hidden> completed (exit code 3)
Feb 11 19:55:14 www sendmail[18262]: i1BGpfHk018262: Milter accept: message
Feb 11 19:55:15 www sendmail[18429]: i1BGpfHk018262:
address@hidden,<address@hidden>, delay=00:00:11, xdelay=00:00:01, mailer=cyrus,
pri=39458, relay=localhost, dsn=2.0.0, stat=Sent
We don't see in the field of the headers "To: " ctl, we see "To: O?ANO YNOAEO
address@hidden"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HEADERS OF THAT MESSAGE, GETTED BY USER (address@hidden) AND SPAM
BUSKET(address@hidden)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Return-Path: <address@hidden>
Received: from mail.strs.ru ([unix socket])
by www.strs.ru (Cyrus v2.0.17); Wed, 11 Feb 2004 19:55:14 +0300
X-Sieve: cmu-sieve 2.0
Received: from lovecat.com ([61.37.176.39])
by mail.strs.ru (8.12.10/8.12.10) with SMTP id i1BGpfHk018262
for <address@hidden>; Wed, 11 Feb 2004 19:55:04 +0300 (MSK)
(envelope-from address@hidden)
Received: from takuyakimura.com (takuyakimura-com.mr.outblaze.com
[205.158.62.169])
by lovecat.com (Postfix) with ESMTP id 0EE62E5FCB
for <address@hidden>; Wed, 11 Feb 2004 11:44:49 -0500
Message-ID: <address@hidden>
X-Sender: address@hidden
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Date: Wed, 11 Feb 2004 11:44:49 -0500
To: O?ANO YNOAEO <address@hidden>
From: "Caesar S. Motif" <address@hidden>
Subject: *****SPAM*****
=?windows-1251?Q?=c0=e2=f2=ee=ec=e0=f2=e8=e7=e0=f6=e8=ff
=e1=f3=f5=e3=e0=eb=f2=e5=f0=f1=ea=ee=e3=ee, =ed=e0=eb=ee=e3=ee=e2=ee=e3=ee
=e8?= =?windows-1251?Q? =f2=ee=f0=e3=ee=e2=ee-=f1=ea=eb=e0=e4=f1=ea=ee=e3=ee
=f3=f7=e5=f2=e0?=
MIME-Version: 1.0
Content-Type: text/html;
charset=windows-1251
Content-Transfer-Encoding: quoted-printable
X-RAV-Antivirus: This e-mail has been scanned for viruses on host: lovecat.com
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=8.9 required=4.7 tests=DNS_FROM_RFCI_DSN,
HEAD_ILLEGAL_CHARS,HTML_20_30,HTML_FONTCOLOR_UNKNOWN,
HTML_FONT_FACE_BAD,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_RFCI autolearn=no version=2.60
X-Spam-Orig-To: <address@hidden>
X-Spam-Report:
* 0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.2 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
* 0.5 HTML_20_30 BODY: Message is 20% to 30% HTML
* 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 4.3 HEAD_ILLEGAL_CHARS Header contains too many raw illegal
characters
* 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?61.37.176.39>]
* 1.4 DNS_FROM_RFCI_DSN RBL: From: sender listed in
dsn.rfc-ignorant.org
* 0.1 RCVD_IN_RFCI RBL: Sent via a relay in ipwhois.rfc-ignorant.org
* [Inaccurate or missing WHOIS data]
X-Spam-Level: ********
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
www.strs.ru
WHAT SHOULD I DO?!
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- spamassassin+sendmail+cyrus,
None <=