email untouched by Spam Assassin?

General discussions and other topics.
19 posts Page 1 of 2
by Guest » Wed Oct 22, 2014 8:46 am
Several times recently we've received an obnoxious (aren't they all?) spam email. Finally went in and blacklisted the "from" address, but we continue to receive the message. Took a look at the headers today and see that there are none of the "X-Spam...." headers that we'd expect to see after Spam Assassin has had its way with the message. This leads us to believe that SA is not seeing or otherwise processing this message, making it highly unlikely that it will actually assassinate the spam. The particulars:

-Our address is in the "CC" line of the headers, not the "TO" line, and

-This address is in a domain Sonic is hosting for us; the alias is redirected to a discrete add-on "@sonic.net" email address

We've opened a support ticket on this, but thought we would throw it out here as well.
by kgc » Wed Oct 22, 2014 9:45 pm
Can you post a message-id header of one of these messages? I should be able to take a look and see what is going on.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by Guest » Thu Oct 23, 2014 8:00 am
Message-Id: <[email protected]>
by aw » Thu Oct 23, 2014 2:01 pm
There an attachment on it? SA ignores messages over a certain size.
by Guest » Thu Oct 23, 2014 8:51 pm
Looks like around 240 KB, give or take....
by kgc » Mon Oct 27, 2014 5:07 pm
It looks like that particular message should have been marked as spam. To double check, this was on Oct 20 at 18:31:23?

spamd: result: Y 98 - MSGID_FROM_MTA_HEADER,SNF4SA,USER_IN_BLACKLIST scantime=20.9,size=1295,mid=<[email protected]>,autolearn=disabled
Kelsey Cummings
System Architect, Sonic.net, Inc.
by Guest » Mon Oct 27, 2014 6:23 pm
That looks about right....


Return-Path: < the spammy sender >
Received: from k.mx.sonic.net (a.spam-proxy.sonic.net [69.12.221.245])
    by c.spam.sonic.net (8.14.4/8.14.4) with ESMTP id s9L1V0gj019370
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
    for < my real sonic.net address >; Mon, 20 Oct 2014 18:31:02 -0700
Received: from mx132.72dns.net (mx123.72dns.com [211.155.230.254])
    by k.mx.sonic.net (8.14.9/8.14.9) with SMTP id s9L1TsSY029378
    for < my domain email alias that points to my sonic.net address >; Mon, 20 Oct 2014 18:30:38 -0700
Message-Id: <[email protected]>
Date: Tue, 21 Oct 2014 09:30:51 +0800
From: < the spammy sender >
To: < some other poor sucker >
Cc: < my domain email alias that points to my real sonic.net address >
Subject: blah blah blah
X-mailer: Foxmail 5.0 [cn]
Disposition-Notification-To: < the spammy sender >
Mime-Version: 1.0
Content-Type: multipart/related;
    boundary="=====002_Dragon588473428708_=====";
    type="multipart/alternative"
Received: from blah blah blah (unknown [219.140.150.41])
    by mx132.72dns.net (ESMTP) with SMTP id 0
    for < the spammy sender >; Tue, 21 Oct 2014 09:29:46 +0800 (CST)
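
The check carried out by hand in the posts above (no X-Spam headers on the delivered copy, then a lookup of the Message-Id in the spamd log), as an added example that is not part of any post and is not Sonic's tooling. The function names, sample headers, addresses and syslog prefix are constructed for illustration; the log layout follows the `spamd: result:` line quoted earlier in the thread.

```python
import re
from email import message_from_string

# Layout of the "spamd: result:" line quoted in the thread:
#   spamd: result: Y 98 - RULE,RULE scantime=20.9,size=1295,mid=<...>,autolearn=disabled
RESULT_RE = re.compile(
    r"spamd: result: (?P<verdict>[Y.]) (?P<score>-?\d+) - (?P<rules>\S*) (?P<fields>.+)$")

def parse_spamd_result(line):
    """Parse one spamd result line into a dict; return None for other lines."""
    m = RESULT_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split(",") if "=" in kv)
    return {"is_spam": m["verdict"] == "Y", "score": int(m["score"]),
            "rules": [r for r in m["rules"].split(",") if r],
            "size": int(fields.get("size", 0)), "mid": fields.get("mid", "")}

def triage(raw_headers, log_lines):
    """Classify a delivered message by its X-Spam-* headers and the spamd log."""
    msg = message_from_string(raw_headers)
    mid = (msg["Message-Id"] or "").strip()
    tagged = any(name.lower().startswith("x-spam-") for name in msg.keys())
    scans = [r for r in map(parse_spamd_result, log_lines)
             if r and mid and r["mid"] == mid]
    if tagged:
        verdict = "tagged"
    elif not scans:
        verdict = "never-scanned"  # no log entry, e.g. the size limit aw mentions
    elif any(s["is_spam"] for s in scans):
        verdict = "scanned-as-spam-but-delivered-untagged"  # scored spam, copy has no tags
    else:
        verdict = "scanned-as-ham-untagged"
    return verdict, scans

# Constructed sample input: addresses, host name and Message-Id are placeholders.
SAMPLE_HEADERS = (
    "Return-Path: <sender@example.invalid>\n"
    "Message-Id: <sample-0001@example.invalid>\n"
    "Cc: <alias@example.invalid>\n"
    "Subject: blah blah blah\n\n")
SAMPLE_LOG = [
    "Oct 20 18:31:23 scanhost spamd[1234]: spamd: result: Y 98 - "
    "MSGID_FROM_MTA_HEADER,SNF4SA,USER_IN_BLACKLIST scantime=20.9,size=1295,"
    "mid=<sample-0001@example.invalid>,autolearn=disabled",
    "Oct 20 18:31:24 scanhost spamd[1234]: spamd: clean message for someone else",
]

if __name__ == "__main__":
    print(triage(SAMPLE_HEADERS, SAMPLE_LOG))
```

The `size` value returned for each scan can be compared with the size of the delivered message when the two are expected to match.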
by linelle » Tue Oct 28, 2014 10:51 am
There is so much spam getting through, including alerts about sex offenders in my neighborhood.
by ben » Tue Oct 28, 2014 12:32 pm
linelle wrote: There is so much spam getting through, including alerts about sex offenders in my neighborhood.
I'm getting a lot of those too, along with fake notices about credit scores and various types of insurance.
by linelle » Tue Oct 28, 2014 12:35 pm
I'm surprised how much there is, and of the same kind. Occasionally I've been uncertain and, perhaps unwisely, viewed the email. It contains ALERT. PHISHING SCAM. Well, great, fine, glad someone figured that out. Can't Spam Assassin just not deliver it to my inbox?