June 19th, 2004, 11:57 AM   #28
wap3
On Thu 17 Jun I deleted and reapplied the filters to Chopchop>cbcog98.org
On Fri 18 Jun +8 *'s were still not being sent to /dev/null

I run the same here at home Chopchop>wap3.com
Below is one that came in this morning

CPanel Filters:
Any Header > Begins >> X-Spam-Level: ********
Any Header > Contains >> ********

When I put this in the test area it works, but there seems to be a timing/order problem with filters and SA
Could the filters be running before SA?
Are the SA headers not being added after SA and before filters?

This issue is clogging up PopFile History on the local mailservers with this trash
When our office [cbcog98] starts at 07:00 every morning, at least 50 mails are retrieved, with only 3-5 good ones, 3-5 that are in the point range 2.5 to 8 and have to be checked manually in the quarantined mailbox, and the rest should have gone to /dev/null

This morning so far has 23 mails, 2 PopFile classed MAIL, the rest DELETE, and the ones I quickly checked are beyond the filter +8 *'s setting

Like I said when I first did this after the parent posting it worked for a month or so and the last few weeks has been failing

Thanks
--Trey Pattillo

------- BEGIN FAILED FILTERING -------------

Return-path: <wap339achopchop.surpasshosting.com>
Envelope-to: wap339achopchop.surpasshosting.com
Delivery-date: Sat, 19 Jun 2004 07:44:05 -0400
Received: from wap339a by chopchop.surpasshosting.com with local-bsmtp (Exim 4.34)
    id 1BbeGS-00020g-Jb
    for wap339achopchop.surpasshosting.com; Sat, 19 Jun 2004 07:44:05 -0400
Received: from localhost by chopchop.surpasshosting.com
    with SpamAssassin (2.63 2004-01-11);
    Sat, 19 Jun 2004 07:44:05 -0400
From: "Bobby Shipman" <MCUUUISRTMQMAYyahoo.com>
To: Meyer<meyerwap3.com>
Subject: Meds Delivered to your door step - no previous prescription required
Date: Sat, 19 Jun 2004 07:40:32 -0600
Message-Id: <1089528930.89221paypal.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
    chopchop.surpasshosting.com
X-Spam-Level: *************************
X-Spam-Status: Yes, hits=25.1 required=2.0 tests=BAYES_99,BIZ_TLD,
    CONFIRMED_FORGED,FORGED_YAHOO_RCVD,HTML_70_80,HTML_FONTCOLOR_UNKNOWN,
    HTML_MESSAGE,MIME_BOUND_NEXTPART,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,
    RCVD_IN_DYNABLOCK,RCVD_IN_NJABL,RCVD_IN_NJABL_DIALUP,RCVD_IN_OPM,
    RCVD_IN_OPM_HTTP,RCVD_IN_OPM_HTTP_POST,RCVD_IN_OPM_SOCKS,
    RCVD_IN_SORBS,URI_OFFERS autolearn=spam version=2.63
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_40D42705.73983EAA"

This is a multi-part message in MIME format.

------------=_40D42705.73983EAA
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "chopchop.surpasshosting.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: ------=_NextPart_000_00YJ_09C7715BG_06G.908Q61J0
Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding:
7bit Your mailer do not support HTML messages. Switch to a better
mailer. [...]

Content analysis details: (25.1 points, 2.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
 0.1 HTML_MESSAGE           BODY: HTML included in message
 5.4 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 0.1 HTML_70_80             BODY: Message is 70% to 80% HTML
 0.1 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
 1.0 URI_OFFERS             URI: Message has link to company offers
 0.9 FORGED_YAHOO_RCVD      'From' yahoo.com does not match 'Received' headers
 1.0 RCVD_IN_OPM_HTTP       RBL: OPM: sender is open HTTP CONNECT proxy
                            [200.78.58.155 listed in opm.blitzed.org]
 1.0 RCVD_IN_OPM            RBL: Received via a relay in opm.blitzed.org
                            [200.78.58.155 listed in opm.blitzed.org]
 3.5 RCVD_IN_NJABL_DIALUP   RBL: NJABL: dialup sender did non-local SMTP
                            [200.78.58.155 listed in dnsbl.njabl.org]
 1.3 RCVD_IN_OPM_SOCKS      RBL: OPM: sender is open SOCKS proxy
                            [200.78.58.155 listed in opm.blitzed.org]
 1.0 RCVD_IN_OPM_HTTP_POST  RBL: OPM: sender is open HTTP POST proxy
                            [200.78.58.155 listed in opm.blitzed.org]
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [200.78.58.155 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
                            [200.78.58.155 listed in dnsbl.njabl.org]
 0.7 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                            [<http://dsbl.org/listing?ip=200.78.58.155>]
 1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?200.78.58.155>]
 2.6 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                            [200.78.58.155 listed in dnsbl.sorbs.net]
 0.5 MIME_BOUND_NEXTPART    Spam tool pattern in MIME boundary
 4.1 CONFIRMED_FORGED       Received headers are forged

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.


[........... original message snipped due to size limitations.................]


[ ........... SNIPPED image001.gif to save space in posting ..............]
__________________
--wap3

If we removed all of the "Oxygen Thiefs" [tm] from politics, maybe the earth would not have a Greenhouse Gas problem.

wap3.com on ChopChop
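An added example, not part of the original post and not cPanel or Exim code: it replays the two filter rules quoted above against the headers of a stored message, so a delivered message can be checked for "rules match as stored" versus "never scanned". The function names and the reading of "Any Header > Begins/Contains" as a test on each unfolded `Name: value` line are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: headers abridged from the failed message in the post.
SAMPLE = (
    "Subject: Meds Delivered to your door step\n"
    "X-Spam-Flag: YES\n"
    "X-Spam-Level: " + "*" * 25 + "\n"
    "X-Spam-Status: Yes, hits=25.1 required=2.0 tests=BAYES_99,BIZ_TLD,\n"
    "\tCONFIRMED_FORGED,URI_OFFERS autolearn=spam version=2.63\n"
    "\n"
    "body text\n"
)

# The two filter rules quoted in the post, as (match type, pattern).
RULES = [("begins", "X-Spam-Level: ********"), ("contains", "********")]


def header_lines(raw):
    """Return one unfolded 'Name: value' line per header in the message."""
    msg = message_from_string(raw)
    return [f"{name}: {' '.join(value.split())}" for name, value in msg.items()]


def rule_matches(kind, pattern, line):
    return line.startswith(pattern) if kind == "begins" else pattern in line


def evaluate(raw):
    """Return the rules that fire, the star count and the numeric SA score."""
    lines = header_lines(raw)
    fired = [r for r in RULES if any(rule_matches(r[0], r[1], l) for l in lines)]
    msg = message_from_string(raw)
    level = msg.get("X-Spam-Level")
    stars = level.count("*") if level is not None else None
    m = re.search(r"hits=(-?\d+(?:\.\d+)?)", msg.get("X-Spam-Status", ""))
    return {"fired": fired, "stars": stars, "hits": float(m.group(1)) if m else None}


def diagnose(raw):
    result = evaluate(raw)
    if result["stars"] is None:
        return "no X-Spam-Level header: message was not scanned"
    if result["fired"]:
        return "rules match the message as stored"
    return "scanned, but below the 8-star threshold"


if __name__ == "__main__":
    print(evaluate(SAMPLE), diagnose(SAMPLE))
```

A message that matches as stored yet still reached the mailbox is the case the post asks about: the headers exist at delivery, so the question is whether they existed when the filter ran. Note that the "contains" rule fires on eight asterisks in any header, including a Subject line.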