Spam Mail not detected by SpamAssassin

Use this forum for discussions about SpamAssassin and anti-spam in general.
Post Reply
User avatar
LVTS
New user
New user
Posts: 16
Joined: 2019-05-30 11:44
Location: England
Contact:

Spam Mail not detected by SpamAssassin

Post by LVTS » 2019-05-31 20:28

Hello there,

I have recently installed SpamAssassin on my server. This has been working perfectly and blocking spam. however, I recently received a spoofed email from myself.

The actual contents of the email in this specific case was actually an image, and therefore is this the reason that it was not detected as spam? Here is the record when I view the source of the email:

Code: Select all

Return-Path: charlie@skypoints.cn
X-Spam-Checker-Version: SpamAssassin 3.4.2 (svnunknown) on
	WIN-B38K5UG15FK.LVNET.NET
X-Spam-Level: *
X-Spam-Status: No, score=1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	HTML_IMAGE_ONLY_04,HTML_MESSAGE,LOCALPART_IN_SUBJECT,SPF_HELO_PASS,
	TVD_SPACE_RATIO autolearn=no autolearn_force=no version=3.4.2
Received: from Skypoints.cn (skypoints.cn [121.196.233.78])
Many Thanks.

palinka
Senior user
Senior user
Posts: 1190
Joined: 2017-09-12 17:57

Re: Spam Mail not detected by SpamAssassin

Post by palinka » 2019-06-01 00:05

When everything else is good (spf pass in this case), there's not much else to score. If it came from an actual spammer, the likely would be other rule hits, like helo not matching, relay in blacklist, etc.

There was a recent discussion on the spamassassin mail list about the possibility of OCR'ing the image for text rule hits but it was determined that it's just not worth the effort and cpu cycles to do the OCR.

User avatar
LVTS
New user
New user
Posts: 16
Joined: 2019-05-30 11:44
Location: England
Contact:

Re: Spam Mail not detected by SpamAssassin

Post by LVTS » 2019-06-01 09:37

The email was completely spoofed and looked like it came from my own Email Address.

User avatar
RvdH
Senior user
Senior user
Posts: 806
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spam Mail not detected by SpamAssassin

Post by RvdH » 2019-06-01 13:18

In that case you should require SMTP authentication for "Local to local e-mail addresses" for the "Internet" range, which is the default i believe....don't touch anything you don't know anything about :!:
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: Spam Mail not detected by SpamAssassin

Post by jimimaseye » 2019-06-01 13:26

RvdH wrote:
2019-06-01 13:18
In that case you should require SMTP authentication for "Local to local e-mail addresses" for the "Internet" range, which is the default i believe....don't touch anything you don't know anything about :!:
He already has. https://www.hmailserver.com/forum/viewt ... 09#p212209

I don't think we can judge this based on the headers he had shown, we need all the headers.... and an ideas of what his domain is.

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 806
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spam Mail not detected by SpamAssassin

Post by RvdH » 2019-06-01 13:28

jimimaseye wrote:
2019-06-01 13:26
He already has. https://www.hmailserver.com/forum/viewt ... 09#p212209

[Entered by mobile. Excuse my spelling.]
Than it couldn't have come from his own Email Address, spoofed or not...
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

palinka
Senior user
Senior user
Posts: 1190
Joined: 2017-09-12 17:57

Re: Spam Mail not detected by SpamAssassin

Post by palinka » 2019-06-01 22:22

I get spoofed messages all the time.

"My Real Name" <randomuser@somespamdomain.com>

As Jimi said, we need all the headers.

User avatar
RvdH
Senior user
Senior user
Posts: 806
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spam Mail not detected by SpamAssassin

Post by RvdH » 2019-06-02 02:09

What?
Your name can be spoofed...sure...but you are a fool if you don't notice that, no?
What i meant to say if you have require SMTP authentication for "Local to local e-mail addresses" for the "Internet" range you would never get a message from your own email address from the 'outside' when not authenticated...and after all, he claimed it was from his own email address, not name
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

Post Reply