Spam getting through with spamassasin score of 0.00

General eFa discussion
Post Reply
ziain
Posts: 7
Joined: 30 Sep 2017 12:44

Spam getting through with spamassasin score of 0.00

Post by ziain »

I'm getting a lot of spam coming through with a spamassasin score of zero, you can see in the image below that it appears no processing has been carried out, unless i have misunderstood it.
spam.png
spam.png (164.03 KiB) Viewed 5763 times
All these emails have almost no content with the exception of a few remote images, but they are 2mb in size.

Is there anything that can be done to get this sorted?

Thanks
User avatar
BOOZy
Posts: 39
Joined: 04 Oct 2017 13:17

Re: Spam getting through with spamassasin score of 0.00

Post by BOOZy »

I'm curious about the content of this email message.
If all images are remote, how does it get this big?
Can you post it somewhere as .eml?
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Spam getting through with spamassasin score of 0.00

Post by ovizii »

afaik SA does not scan emails above a certain size as "usually" spammers send "small" emails in high volumes so most emails with "big" attachments are usually HAM. You can change this in your Mailscanner config as far as I remember. => https://www.mailscanner.info/MailScanne ... x.html#Max Spam Check Size

and no, that is not a remote image otherwise it wouldn't show a size of 2.11MB this email really is that big
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Spam getting through with spamassasin score of 0.00

Post by pdwalker »

As ovizii says.

Edit /etc/MailScanner/MailScanner.conf

search for "Max Spam Check Size = " and you'll find the setting.

Set it to a larger number - how large depends on the capabilities of your box.

I forget what the default was, but I've set my to "many many megabytes".
ziain
Posts: 7
Joined: 30 Sep 2017 12:44

Re: Spam getting through with spamassasin score of 0.00

Post by ziain »

Hi all,

Thank you for your replies.

BOOZy, unfortunately i don't have at the moment that I can upload as they get deleted as they come in.

As you can see below, this is how they appear in outlook, and all of them that have been received look the same way. There is no attachment and it only shows the option to download the remote images. Interestingly enough, when i did save some of these emails as eml files they only took up about 400kb yet all of them showed the 2.11mb on my original screenshot.

A couple of days ago I changed the MailScanner Max Spam Check Size to 5mb and have only had one since, that one had a slightly different message, the spam repoort states timed out, but it still appeared in outlook the same way, but it only reported as 637kb.

ovizii, I agree with you, I can't say I've seen spam emails this big before.

When you save one of these as an eml and then open it up in notepad, you get the headers at the top then there are just hundreds, if not thousands of lines of lines of gibberish.
mailscanner.png
mailscanner.png (59.83 KiB) Viewed 5701 times
Danforth
Posts: 1
Joined: 18 Nov 2017 09:33

Re: Spam getting through with spamassasin score of 0.00

Post by Danforth »

Image

I've been getting tons of emails like this as well. So annoying!
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Spam getting through with spamassasin score of 0.00

Post by ovizii »

Well, lets look at these issues one by one:

a) Outlook / Exchange settings prohibit download of images until allowed by user. Nothing to be done on EFA's side.
b) Images external/internal/etc. I see someone said:
When you save one of these as an eml and then open it up in notepad, you get the headers at the top then there are just hundreds, if not thousands of lines of lines of gibberish.
As far as I understand that would mean the images were inline (here is a site explaining how to add an attachment and then how to make it inline with outlook client https://www.extendoffice.com/documents/ ... email.html)
c) Mailscanner detected a possible fraud: please check these docs and then adapt your Mailscanner config:
https://www.mailscanner.info/MailScanne ... .html#Find Phishing Fraud
https://www.mailscanner.info/MailScanne ... #Highlight Phishing Fraud
Post Reply