emails bypassing spam test?

Post by craigbaker » 2019-01-11 18:39

I am getting tons of emails offering photo editing services that don't appear as if they are being run through the anti-spam tests. Any ideas?

From - Fri Jan 11 09:31:33 2019
X-Account-Key: account3
X-UIDL: 56781
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: loushoninteerspanlop@verizon.net
Received: from headlightmag.com (aliceandolivia.com [216.245.204.40])
by mydomAIN.org with ESMTP
; Fri, 11 Jan 2019 08:02:10 -0800
To:
Subject: The photo editing
Message-ID: <2552f8368a460b5350ab66148af20e49@silverjeans.com>
Return-Path: loushoninteerspanlop@verizon.net
Date: Fri, 11 Jan 2019 11:06:05 +0100
From: "Davis" <loushoninteesrpadnlop@verizon.net>
Reply-To: jasminfen@aliyun.com
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: 8bit

We provide photo shooting and editing.

If you have products to shoot or photos ready to edit, we can help.

Here are editing we mostly for the photos from our customers.
Photos cut out , clipping path, and retouching.

If you have the shots ready, you can send us, we will let our editing
people to work on them.

Thanks,
Davis

Re: emails bypassing spam test?

Post by SorenR » 2019-01-11 19:51

Received: from headlightmag.com (aliceandolivia.com [216.245.204.40])
by mydomAIN.org with ESMTP
; Fri, 11 Jan 2019 08:02:10 -0800
BLUE not equal to RED = 98% SPAM.

BLUE is the greeting from HELO/EHLO (SMTP logging) and RED is the hostname of [216.245.204.40].

If you are not using SpamAssassin and/or not regularly training SpamAssassin you need to do some scripting to catch this.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.
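
The HELO-versus-reverse-DNS comparison described in the post above, as an added example that is not part of the original thread and is not hMailServer script code. It works on a stored Received header in the layout shown in the first post; the function names, the "same-domain" tier and the second sample header are assumptions made for illustration.

```python
import re

# Shape of the Received line quoted in the thread:
#   from <HELO name> (<reverse-DNS name> [<client IP>])
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]()]+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)

def normalise(host):
    """Lower-case and drop a trailing dot so the comparison is exact."""
    return host.strip().rstrip(".").lower()

def check_received(header):
    """Extract HELO name, rDNS name and IP from one Received header and compare them."""
    unfolded = " ".join(header.split())  # undo header folding across lines
    m = RECEIVED_RE.search(unfolded)
    if m is None:
        return {"verdict": "unparsed"}
    helo, rdns = normalise(m.group("helo")), normalise(m.group("rdns"))
    if helo == rdns:
        verdict = "match"
    elif helo.split(".")[-2:] == rdns.split(".")[-2:]:
        # Assumption: naive "same parent domain" test on the last two labels
        # (no public-suffix list), so mail.example.org vs mx.example.org is
        # reported separately from a full mismatch.
        verdict = "same-domain"
    else:
        verdict = "mismatch"
    return {"helo": helo, "rdns": rdns, "ip": m.group("ip"), "verdict": verdict}

# The header from the first post, folded as it appears there.
FROM_THREAD = (
    "Received: from headlightmag.com (aliceandolivia.com [216.245.204.40])\n"
    " by mydomAIN.org with ESMTP\n"
    " ; Fri, 11 Jan 2019 08:02:10 -0800"
)
# Constructed sample: HELO and rDNS differ only in the host label.
CONSTRUCTED = ("Received: from smtp-out.example.org (mx7.example.org [192.0.2.11])"
               " by mx.example.net with ESMTP")

if __name__ == "__main__":
    for header in (FROM_THREAD, CONSTRUCTED):
        print(check_received(header))
```
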

Re: emails bypassing spam test?

Post by SorenR » 2019-01-11 20:06

DNSBLs to use...

DNS host
Expected result
Message
Score


- b.barracudacentral.org <== THIS IS POSITIVE ON 216.245.204.40
- 127.0.0.2
- RBL - Rejected by Barracuda Reputation Block List
- 5 <== High enough to mark as SPAM but not high enough to delete

- zen.spamhaus.org
- 127.0.0.2-9
- RBL - Rejected by Spamhaus
- 5

- bl.spamcop.net
- 127.0.0.2
- RBL - Rejected by SpamCop
- 5

- sbl.spamhaus.org
- 127.0.0.3
- RBL - Rejected by Spamhaus (Snowshoe)
- 99999 <== NUKE, KILL, DELETE, DEPORT TO MEXICO. Yeah I know - not very PC :mrgreen:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

Re: emails bypassing spam test?

Post by jimimaseye » 2019-01-11 20:34

SorenR wrote (2019-01-11 20:06):
> - zen.spamhaus.org
> - 127.0.0.2-9
> - RBL - Rejected by Spamhaus
> - 5
>
> - sbl.spamhaus.org
> - 127.0.0.3
> - RBL - Rejected by Spamhaus (Snowshoe)
> - 99999

Assuming it is a snowshoe spam you are running 2x lookups to get the same result twice (the zen lookup will also return 127.0.0.3 as it is a combination of all the spamhaus checks).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Re: emails bypassing spam test?

Post by craigbaker » 2019-01-11 21:04

Thanks guys. I am not using SA, just the built-in spam tests on hmail server. I just don't get why it is not being scored by hmail.

Re: emails bypassing spam test?

Post by SorenR » 2019-01-11 21:17

jimimaseye wrote (2019-01-11 20:34):
> SorenR wrote (2019-01-11 20:06):
>> - zen.spamhaus.org
>> - 127.0.0.2-9
>> - RBL - Rejected by Spamhaus
>> - 5
>>
>> - sbl.spamhaus.org
>> - 127.0.0.3
>> - RBL - Rejected by Spamhaus (Snowshoe)
>> - 99999
>
> Assuming it is a snowshoe spam you are running 2x lookups to get the same result twice (the zen lookup will also return 127.0.0.3 as it is a combination of all the spamhaus checks).

Yeah, but this way I can nuke it without affecting the other tests.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.
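
How the four DNSBL entries listed earlier in the thread combine into a score, including the zen/sbl overlap discussed in the last two posts, as an added example that is not part of the original thread and is not hMailServer's own code. Reading "127.0.0.2-9" as a last-octet range, the injected `resolve` function and the answer table are assumptions; the answers are constructed so the example runs offline.

```python
import ipaddress

# (DNS host, expected result, message, score) as listed in the thread
DNSBLS = [
    ("b.barracudacentral.org", "127.0.0.2", "Rejected by Barracuda Reputation Block List", 5),
    ("zen.spamhaus.org", "127.0.0.2-9", "Rejected by Spamhaus", 5),
    ("bl.spamcop.net", "127.0.0.2", "Rejected by SpamCop", 5),
    ("sbl.spamhaus.org", "127.0.0.3", "Rejected by Spamhaus (Snowshoe)", 99999),
]

def query_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def matches(answer, expected):
    """True if answer equals expected or falls in a last-octet range such as 127.0.0.2-9."""
    if "-" not in expected:
        return answer == expected
    prefix, _, rng = expected.rpartition(".")
    low, high = (int(x) for x in rng.split("-"))
    a_prefix, _, a_last = answer.rpartition(".")
    return a_prefix == prefix and low <= int(a_last) <= high

def score(ip, resolve):
    """Sum the scores of every list whose answer matches its expected result.

    resolve(name) is a hypothetical lookup hook returning a list of A records.
    """
    total, hits = 0, []
    for zone, expected, _message, points in DNSBLS:
        if any(matches(a, expected) for a in resolve(query_name(ip, zone))):
            total += points
            hits.append(zone)
    return total, hits

# Constructed answers: the Barracuda listing reported in the thread, plus a
# documentation-range IP listed as 127.0.0.3 on both Spamhaus zones.
CONSTRUCTED_ANSWERS = {
    "40.204.245.216.b.barracudacentral.org": ["127.0.0.2"],
    "1.2.0.192.zen.spamhaus.org": ["127.0.0.3"],
    "1.2.0.192.sbl.spamhaus.org": ["127.0.0.3"],
}

def fake_resolve(name):
    return CONSTRUCTED_ANSWERS.get(name, [])

if __name__ == "__main__":
    print(score("216.245.204.40", fake_resolve))  # one list hit
    print(score("192.0.2.1", fake_resolve))       # zen and sbl both hit
```
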

Re: emails bypassing spam test?

Post by palinka » 2019-01-12 00:54

craigbaker wrote (2019-01-11 21:04):
> Thanks guys. I am not using SA, just the built-in spam tests on hmail server. I just don't get why it is not being scored by hmail.

Which spam tests are you performing?

I did a blacklist check on the 2 domains listed and one was gmail and the other was not on any blacklist at mxtoolbox.com, so they (probably) wouldn't get picked up in hmailserver spam tests.

SA works very, very well. You should use it if you're getting too much spam.
