[exim] Spam bypassing spamassassin et al

Góra strony
Delete this message
Reply to this message
Autor: John Mc Murray
Data:  
Dla: Exim Mailing List
Temat: [exim] Spam bypassing spamassassin et al
Hello,

I have an issue that I can't explain. I've been received a fair amount
of the spam below. What's unusual is that it seems to bypass my acls,
spamassassin, etc. I would expect to see the SpamAssassin scores in the
headers but this just seems to be doing something to bypass that.

The only thing I note is that its sent my smtp (as oppossed to esmtp).
Would that make a difference?

I've appended the mail and the log lines below

Thanks a mil!

PS, I originally attached the entire spam email (only a few lines), but
the exim list then rejected my mail as spam!

John


Complete Mail:
======================================================

Return-path: <>
Envelope-to: my@???
Delivery-date: Tue, 01 Sep 2015 12:10:05 +0200
Received: from a113.sub165.net78.udm.net ([78.85.165.113]:51034 
helo=78.85.165.113)
         by myserver.co.za with smtp (Exim 4.80.1)
         id 1ZWiVw-0007MT-3m
         for my@???; Tue, 01 Sep 2015 12:10:04 +0200
Received: from unknown (HELO localhost) 
(nitc.co.ir@???@207.80.158.108)
         by 78.85.165.113 with ESMTPA; Tue, 1 Sep 2015 14:12:34 +0400
X-Originating-IP: 207.80.158.108
From: nitc.co.ir@???
To: my@???
Message-Id: <E1ZWiVw-0007MT-3m@???>
Date: Tue, 01 Sep 2015 12:10:04 +0200
Subject: Received annoying spam from BestMoversToronto?





LOG LINES:
======================================================

2015-09-01 12:10:01 [29631] SMTP connection from [78.85.165.113]:51034
I=[5.5.5.5]:25 (TCP/IP connection count = 1)
2015-09-01 12:10:05 [28301] 1ZWiVw-0007MT-3m <= <>
H=a113.sub165.net78.udm.net (78.85.165.113) [78.85.165.113]:51034
I=[5.5.5.5]:25 P=smtp S=1476 T="Received annoying spam from
BestMoversToronto?" from <> for my@???
2015-09-01 12:10:05 [28417] cwd=/var/spool/exim 3 args: /usr/sbin/exim
-Mc 1ZWiVw-0007MT-3m
2015-09-01 12:10:05 [28417] 1ZWiVw-0007MT-3m => Me <my@???> F=<>
P=<> R=localuser T=dovecot_delivery S=1569 QT=1s DT=0s
2015-09-01 12:10:05 [28301] SMTP connection from
a113.sub165.net78.udm.net (78.85.165.113) [78.85.165.113]:51034
I=[5.5.5.5]:25 closed by QUIT
2015-09-01 12:10:08 [28417] 1ZWiVw-0007MT-3m Completed QT=4s





--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/