Spam platform problem
Here's one from my mailbox:
Envelope-to: abc@xyz.plus.com
Delivery-date: Tue, 18 Sep 2007 10:55:44 +0000
Received: by pih-sunmxcore18.plus.net with spam-scanned (PlusNet MXCore v2.00) id 1IXak3-00033r-If
for abc@xyz.plus.com; Tue, 18 Sep 2007 10:55:44 +0000
X-Daemon-Classification: INNOCENT
Received: from 71-80-3-048.dhcp.sffl.va.charter.com ([71.80.3.48])
by pih-sunmxcore18.plus.net with esmtp (PlusNet MXCore v2.00) id 1IXajw-0002ip-FV
for abc@xyz.plus.com; Tue, 18 Sep 2007 10:55:43 +0000
Received: from [71.80.3.48] by eforward4.name-services.com; Tue, 18 Sep 2007 05:56:27 -0500
Message-ID: <01c7f9e2$8fb97690$30035047@fernan>
From: "Will Mcrae" <fernan@plugvoip.com>
To: <abc@xyz.plus.com>
Subject: US $ 99.95 buy now Viagra 100mg x 30 pills
Date: Tue, 18 Sep 2007 05:56:27 -0500
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_0006_01C7F9E2.8FB97690"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Tue Sep 18 11:55:43 2007
X-DSPAM-Confidence: 1.0000
X-DSPAM-Improbability: 1 in 98689409 chance of being spam
X-DSPAM-Probability: 0.0023
X-DSPAM-Factors: 27,
vanishing+Dim, 0.40000,
vanishing+Dim, 0.40000,
X-PN-VirusFiltered*MXCore, 0.40000,
Received*Sep, 0.40000,
Received*Sep, 0.40000,
Subject*Viagra, 0.40000,
hspace=0+src="cid, 0.40000,
Content-Type*charset="us, 0.40000,
Content-Type*charset="us, 0.40000,
equiv=Content+Type, 0.40000,
ends?+From, 0.40000,
ends?+From, 0.40000,
face=Arial+size=2>XVI, 0.40000,
watch, 0.40000,
watch, 0.40000,
endless, 0.40000,
endless, 0.40000,
Message-ID*<01c7f9e2$8fb97690$30035047+fernan>, 0.40000,
ends?, 0.40000,
ends?, 0.40000,
Received*Tue, 0.40000,
Received*Tue, 0.40000,
Received*2007+10, 0.40000,
What+is, 0.40000,
What+is, 0.40000,
from, 0.40000,
from, 0.40000
Thanks guys, I've raised problem 46487.
Seems reminiscent of this.
Edit: Should now be fixed. It would appear that a problem with last night's training caused the Bayesian spam database on two of the 22 mail delivery servers to 'forget' what they had learnt with regards to spam email. They've been 're-educated' and should be behaving themselves now
Seems reminiscent of this.
Edit: Should now be fixed. It would appear that a problem with last night's training caused the Bayesian spam database on two of the 22 mail delivery servers to 'forget' what they had learnt with regards to spam email. They've been 're-educated' and should be behaving themselves now
Surely one could script a Nagios job to test for this on each relay?
Script an event that sends a mail through each particular relay to a specified mailbox, sleep for a short while, then check each mailbox, parse the headers for 0.40000 and respond with a pass/fail.
At least it would get the "flachenblinkenlights" going to alert someone
B.
Script an event that sends a mail through each particular relay to a specified mailbox, sleep for a short while, then check each mailbox, parse the headers for 0.40000 and respond with a pass/fail.
At least it would get the "flachenblinkenlights" going to alert someone
B.
Quote from: Barry Surely one could script a Nagios job to test for this on each relay?
Script an event that sends a mail through each particular relay to a specified mailbox, sleep for a short while, then check each mailbox, parse the headers for 0.40000 and respond with a pass/fail.
At least it would get the "flachenblinkenlights" going to alert someone
B.
Damn, I'm having a quiet day at work today.
So, I found a nicely updated version of Mailping here
That does the mail delivery part. Simply modifying the .pl script to check for the 0.4000000 headers would give you a lovely, handy Nagios script to tell you before your customers do
B.