EmailDiscussions.com  

7 Sep 2008, 12:27 AM   #1
ltwally
Member
 
Join Date: Mar 2005
Posts: 76
spam leaking through. question...

I'm seeing a small amount of very obvious SPAM sneaking through to my Inbox.

I have the following filters to help with SPAM:
Order: -8
Messages where header contains X-Spam-Level: ******
will be deleted
Order: -7
Messages where header contains X-Spam-Level: *****
will be deleted
Order: -6
Messages where header contains X-Spam-Level: ****
will be deleted
Order: -2
Messages where header contains X-Spam-Flag: YES
will be saved to folder Trash



Here is an example Spam message. I have blanked out my actual email address. The header very obviously shows it as SPAM... yet it still hit my Inbox. Any ideas?

Code:
From user2@domain2 Sat Sep 06 12:27:59 2008
Return-path: <user2@domain2>
Received: from [10.9.9.160] (helo=penny.runbox.com)
	by anubis.runbox.com with esmtp  (Exim 4.50)
	id 1Kbv1L-0004Nm-7i
	for xxxxxxxxxxx@runbox.com; Sat, 06 Sep 2008 12:27:59 +0200
Received: from exim by penny.runbox.com with spamfilter  (Exim 4.50)
	id 1Kbv1I-0006yo-OL
	for xxxxxxxxxxx@runbox.com; Sat, 06 Sep 2008 12:27:59 +0200
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on bars.runbox.com
X-Spam-Level: ******************************
X-Spam-Status: Yes, score=30.4 required=4.0 tests=HELO_DYNAMIC_IPADDR2,
	HELO_DYNAMIC_SPLIT_IP,MIME_BASE64_BLANKS,MIME_BASE64_TEXT,NULL_IN_BODY,
	RCVD_IN_SORBS_DUL,RCVD_NUMERIC_HELO,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,
	URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL
	autolearn=disabled version=3.2.3
X-Spam-Report: 
	*  4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
	*       2)
	*  4.2 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
	*      IP)
	*  2.6 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
	*  0.0 MIME_BASE64_BLANKS RAW: Extra blank lines in base64 encoding
	*  2.8 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
	*  1.5 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in message
	*  2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
	*      [URIs: iuuuea.com]
	*  1.6 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
	*      [URIs: iuuuea.com]
	*  2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
	*      [URIs: iuuuea.com]
	*  2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
	*      [URIs: iuuuea.com]
	*  2.1 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
	*      [URIs: iuuuea.com]
	*  2.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
	*      [URIs: iuuuea.com]
	*  1.6 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
	*      [213.37.53.155 listed in dnsbl.sorbs.net]
	*  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
Received: from [213.37.53.155] (helo=213.37.53.155.dyn.user.ono.com)
	by penny.runbox.com with smtp  (Exim 4.50)
	id 1Kbv0h-0005Wx-Gd; Sat, 06 Sep 2008 12:27:21 +0200
X-Originating-IP: 96.39.238.82 by smtp.213.37.53.155;  Sat, 06 Sep 2008 17:20:09 +0600
Message-ID: <qfzvtebNWASWlmp@runbox.com>
From: "Removed" <user1@runbox.com>
Reply-To: "Removed" <user1@runbox.com>
To: user1@runbox.com
Subject: Summer discount on w4tches
Date: Sat, 06 Sep 2008 06:27:09 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: base64

SWYgeW91J3ZlIHdhaXRlZCB0byBnZXQgeW91ciBUNGcgSDN1ZXIgcmVwbDFjYSB3NHRjaCwN
CnRoaXMgaXMgdGhlIHJpZ2h0IHRpbWUgdG8gZ28gZm9yIGl0LCBiZWNhdXNlIA0KUHJlc3Qx
Z2UgUmVwbDFjYXMgaXMgb2ZmZXJpbmcgd2hvbGVzYWxlciBwcmljZXMgb24NCmFsbCB0aGVp
ciByZXBsMWNhIHc0dGNoZXMgZHVyaW5nIHRoZSBtb250aCBvZiBTZXB0ZW1iZXIuIA0KaHR0
cDovL3d3dy5pdXV1ZWEuY29tLw0K X
Mod: Removed personal names/domains.

Last edited by Sherry : 7 Sep 2008 at 03:17 AM.

7 Sep 2008, 12:46 AM   #2
carverrn
Intergalactic Postmaster
 
Join Date: Jan 2002
Location: Chicago, IL
Posts: 5,606

Representative of:
Runbox.com
You also appear to have a filter that says:

Order: -10
Messages where From contains runbox.com
will be saved to folder Inbox

This example has a "From" address that contains "runbox.com" so it will be moved to the "Inbox" before your spam test filters/rules. Once a message is moved to a folder no further filters/rules are applied.

Regards,
Rich
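
The first-match behaviour described in the reply above, modelled as an added example that is not part of the original thread and is not Runbox's filter code. The rule tuples, `route` and `reorder_allow_rule` are hypothetical names, the sample headers are constructed from the message in post #1, and "lowest order runs first" is assumed from the explanation above.

```python
from email import message_from_string

# Constructed sample: a few headers in the shape of the message in post #1.
SAMPLE = """\
X-Spam-Flag: YES
X-Spam-Level: ******************************
From: "Removed" <user1@runbox.com>
To: user1@runbox.com
Subject: Summer discount on w4tches

body
"""

# (order, field, needle, action); field None means "search every header line".
RULES_AS_POSTED = [
    (-10, "From", "runbox.com", "Inbox"),
    (-8, None, "X-Spam-Level: ******", "delete"),
    (-7, None, "X-Spam-Level: *****", "delete"),
    (-6, None, "X-Spam-Level: ****", "delete"),
    (-2, None, "X-Spam-Flag: YES", "Trash"),
]

def matches(msg, field, needle):
    """Substring match against one named header, or against all header lines."""
    if field is not None:
        return any(needle in value for value in msg.get_all(field, []))
    return any(needle in f"{name}: {value}" for name, value in msg.items())

def route(raw, rules, default="Inbox"):
    """Return (action, order) of the first matching rule; lowest order runs first."""
    msg = message_from_string(raw)
    for order, field, needle, action in sorted(rules, key=lambda r: r[0]):
        if matches(msg, field, needle):
            return action, order  # first match wins; later rules never run
    return default, None

def reorder_allow_rule(rules, new_order):
    """Hypothetical fix: move the From allow rule so it runs after the spam checks."""
    return [(new_order if f == "From" else o, f, n, a) for o, f, n, a in rules]

if __name__ == "__main__":
    print(route(SAMPLE, RULES_AS_POSTED))                          # allow rule fires first
    print(route(SAMPLE, reorder_allow_rule(RULES_AS_POSTED, -1)))  # spam rule fires first
```

Because the From header is set by the sender, an allow rule keyed on it is safest placed after the spam-score rules rather than before them.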
7 Sep 2008, 04:03 AM   #3
ltwally
Member
 
Join Date: Mar 2005
Posts: 76
Quote:
Originally Posted by carverrn
You also appear to have a filter that says:

Order: -10
Messages where From contains runbox.com
will be saved to folder Inbox

This example has a "From" address that contains "runbox.com" so it will be moved to the "Inbox" before your spam test filters/rules. Once a message is moved to a folder no further filters/rules are applied.

Regards,
Rich
Hmmm. Ooops.
7 Sep 2008, 05:22 AM   #4
carverrn
Intergalactic Postmaster
 
Join Date: Jan 2002
Location: Chicago, IL
Posts: 5,606

Representative of:
Runbox.com
No problem