amenex Posted February 3, 2009 Posted February 3, 2009 Here are the headers: > Return-Path: <rampartsm9[at]oaline.com> > Delivered-To: spamcop-net-[munged][at]spamcop.net > Received: (qmail 7207 invoked from network); 3 Feb 2009 11:59:12 -0000 > X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade4 > X-spam-Level: **** > X-spam-Status: hits=4.5 tests=MIME_QP_LONG_LINE,RDNS_NONE,TW_WT,URIBL_SBL version=3.2.4 > Received: from unknown (192.168.1.107) > by blade4.cesmail.net with QMQP; 3 Feb 2009 11:59:12 -0000 > Received: from unknown (HELO PHRRDKTQ) (210.3.53.30) > by mx70.cesmail.net with SMTP; 3 Feb 2009 11:59:10 -0000 > Received: by VKQCR.nmroqoauvrd.com (Postfix, from userid 80) > id KK42SRAP3M; Tue, 3 Feb 2009 19:59:09 +0800 > To: shinybluegrasshopper[at]spamcop.net > Subject: Give your couple some heat wtvoxu boeih > Reply-to: rampartsm9[at]oaline.com > From: "Noe Grimes" <31tcmcfq2723[at]oaline.com> > Message-ID: <527032188.70702468046195[at]rampartsm9> > MIME-Version: 1.0 > Content-type: text/plain; charset=windows-1251 > Date: Tue, 3 Feb 2009 19:59:09 +0800 > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: PHP > X-MimeOLE: Produced By phpBB2 > Content-Transfer-Encoding: quoted-printable > X-SpamCop-Checked: 210.3.53.30 > X-SpamCop-Disposition: Blocked cbl.abuseat.org I'm not grumbling about the fact that it's been tagged as blocked by cbl.abuseat.org. It's the addressee: shinybluegrasshopper[at]spamcop.net - my spamcop username appears only in the [munged] second line of the headers: > > Delivered-To: spamcop-net-[munged][at]spamcop.net Why am I receiving this email ? It's not been filtered because I've set the filter trigger at five *'s (*****) and this spam has only four. There seems to be no hint as to why my Inbox is the lucky recipient. The first "received by" is nmroqoauvrd.com, a nonexistent domain ... George Langford amenex
DavidT Posted February 3, 2009 Posted February 3, 2009 Your question about the addressing is easily explained....a lot of spam gets sent out using the BCC (blind carbon copy) method, so anyone's address could appear in the "To" box and yet your address was on a BCC list that you're not seeing. However, the message in question should have wound up in the Held mail folder...not in your Inbox, unless perhaps you haven't got all of the Blacklists selected in your options? I'd also recommend a SpamAssassin setting of 4, rather than the default of 5. That should help route more stuff to your Held folder as well.....but do go into your options and make sure that all of the Blacklists are turned on. DT
amenex Posted February 3, 2009 Author Posted February 3, 2009 DavidT wrote: > Your question about the addressing is easily explained....a lot of spam gets > sent out using the BCC (blind carbon copy) method, so anyone's address > could appear in the "To" box and yet your address was on a BCC list that > you're not seeing. Arghhh. > However, the message in question should have wound up in the Held mail > folder...not in your Inbox, unless perhaps you haven't got all of the Blacklists > selected in your options? I've got the relocation to Held Mail on hold - I checked the "Tag Only" box so my filters will intercept the stuff that's guaranteed to be spam. > I'd also recommend a SpamAssassin setting of 4, rather than the default of 5. > That should help route more stuff to your Held folder as well.....but do go into > your options and make sure that all of the Blacklists are turned on. They're all on - but just tag the spams. I'm trying to design the filters so they don't mis-identify legitimate emails. I've got mail coming from several domains, and they all receive this BCC junk, so I'm filtering mail to "[at]domain" that has a SpamAssassin rating of ***** and worse. If I relax that, then a playful email might end up in my PsuedoHeldMail box. Is there any other way of catching BCC mail with a filter setting ? Thanks, George Langford amenex
agsteele Posted February 4, 2009 Posted February 4, 2009 They're all on - but just tag the spams. I'm trying to design the filters so they don't mis-identify legitimate emails. I've got mail coming from several domains, and they all receive this BCC junk, so I'm filtering mail to "[at]domain" that has a SpamAssassin rating of ***** and worse. If I relax that, then a playful email might end up in my PsuedoHeldMail box. Is there any other way of catching BCC mail with a filter setting ? You could just as easily 'hold' the suspect messages since they aren't reported or deleted automatically. Just held in the 'Held Mail' folder. You can check them out there before deciding how to process them. Works just fine... In addition to DavidT's recommendations I'd suggest you apply grey-list filtering once you're happy with the other filters. This drops the load significantly and will catch almost all the BCC type mail. BUT you'll never see it in your mailbox so be sure everytin else is working OK first Andrew
Recommended Posts
Archived
This topic is now archived and is closed to further replies.