'empty' messages

Pavel Urban pavel.urban@ct.cz
Mon Sep 19 06:24:28 UTC 2005


Hello,

I'm receiving user complaints about empty messages marked as spam by 
dcc. Some people in our company routinely send messages with just 
Subject: and 'empty' body. I've tried to add a rule for the most common 
destination, but it obviously doesn't work. Is there a way to whitelist 
this kind of traffic? Thanks!


from /var/dcc/whiteclnt:

ok      env_to  postmaster
         env_to  postmaster@iol.cz
         env_to  abuse@iol.cz
         env_to  tech@iol.cz


Here is one example of our 'bad' mail:

Received: from smtp-out3.iol.cz ([194.228.2.91]) by mail.imaginet.cz 
with Microsoft SMTPSVC(6.0.3790.211);
   Fri, 16 Sep 2005 16:25:16 +0200
Received: from ims1 (unknown [192.168.30.100])
  by smtp-out3.iol.cz (Internet on Line ESMTP server) with ESMTP id 
10C9431829D
  for <ftechhelp@imaginet.cz>; Fri, 16 Sep 2005 16:25:17 +0200 (CEST)
Received: from antivir3.iol.cz ([192.168.30.206])
  by ims-1.iol.cz (Internet on Line ESMTP Server)
  with ESMTP id <0IMW005RZYQ494@ims-1.iol.cz> for ftechhelp@imaginet.cz
  (ORCPT tech@iol.cz); Fri, 16 Sep 2005 16:25:16 +0200 (MEST)
Received: from localhost (antivir3.iol.cz [127.0.0.1])
  by antivir3.iol.cz (Postfix) with ESMTP id E825A54003 for 
<tech@iol.cz>; Fri,
  16 Sep 2005 16:25:16 +0200 (CEST)
Received: from mta-in1 (unknown [192.168.30.12]) by antivir3.iol.cz 
(Postfix)
  with ESMTP id AD5E854002 for <tech@iol.cz>; Fri,
  16 Sep 2005 16:25:16 +0200 (CEST)
Received: from dns1.ct.cz ([194.228.96.20])
  by mta-in1.iol.cz (Internet on Line ESMTP Server)
  with ESMTP id <0IMW00JGHYQ43K@mta-in1.iol.cz> for tech+antivir@iol.cz
  (ORCPT tech@iol.cz); Fri, 16 Sep 2005 16:25:16 +0200 (MEST)
Received: from dns2.ct.cz (dns2.ct.cz [194.228.97.20])
  by dns1.ct.cz (MTA-CT/ors-117) with ESMTP id j8GEPES03992 for 
<tech@iol.cz>;
  Fri, 16 Sep 2005 16:25:14 +0200
Received: from s638d0.user.ct.cz (s638d0.apl.ct.cz [172.26.198.96])
  by dns2.ct.cz (MTA-CT/ors-117) with ESMTP id j8GEPEL18800 for 
<tech@iol.cz>;
  Fri, 16 Sep 2005 16:25:14 +0200
Date: Fri, 16 Sep 2005 16:25:12 +0200
From: =?iso-8859-2?Q?Michlovsk=FD_Zbyn=ECk?= <zbynek.michlovsky@ct.cz>
Subject: ***SPAM*** ID= 1213405 Nema postovni schranku a nemuze odesila 
postu
To: tech@iol.cz
Message-id: <3294C67AFE7A7D4B9B3804F6C057B6BA95E9DA@S611D0.user.ct.cz>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-type: multipart/alternative;
  boundary="Boundary_(ID_UcczzQXx69EceQhForuqmA)"
Content-class: urn:content-classes:message
Thread-topic: ID= 1213405 Nema postovni schranku a nemuze odesila postu
Thread-index: AcW6ynMMEQkeuwZeS4is30uA9sh7tw==
X-Original-To: tech@iol.cz
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-Virus-Scanned: amavisd-new at iol.cz
X-Spam-Status: Yes, hits=11.206 required=6.31 tests=[ALL_TRUSTED=-3.3,
  AWL=0.670, BAYES_00=-2.599, DCC_CHECK=15, HTML_90_100=0.022,
  HTML_MESSAGE=0.001, HTML_SHORT_LENGTH=0.389, MIME_HTML_MOSTLY=1.023]
X-Spam-Level: ***********
X-Spam-Flag: YES
X-Spam-Report: Spam detection software,
  running on the system "antivir3.iol.cz",
  has identified this incoming email as possible spam.  The original 
message has
  been attached to this so you can view it (if it isn't spam) or label 
similar
  future email.  If you have any questions,
  see the administrator of that system for details. Content preview:  [...]
  Content analysis details:   (11.2 points,
  5.0 required) pts rule name              description ----
  ---------------------- 
-------------------------------------------------- -3.3
  ALL_TRUSTED            Did not pass through any untrusted hosts 0.4
  HTML_SHORT_LENGTH      BODY: HTML is extremely short 1.0 MIME_HTML_MOSTLY
   BODY: Multipart message mostly text/html MIME 0.0 HTML_MESSAGE
  BODY: HTML included in message 0.0 HTML_90_100            BODY: 
Message is 90%
  to 100% HTML -2.6 BAYES_00               BODY: Bayesian spam 
probability is 0
  to 1%                            [score: 0.0000]  15 DCC_CHECK
  Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 0.7 AWL
  AWL: From: address is in the auto white-list
X-OriginalArrivalTime: 16 Sep 2005 14:25:14.0488 (UTC)
  FILETIME=[74283780:01C5BACA]
Return-Path: zbynek.michlovsky@ct.cz

  --Boundary_(ID_Ajzjx47ndAoM2iOIoklt+A)
Content-type: text/plain; charset=iso-8859-2
Content-transfer-encoding: 7BIT

--Boundary_(ID_Ajzjx47ndAoM2iOIoklt+A)
Content-type: text/html; charset=iso-8859-2
Content-transfer-encoding: 7BIT


--Boundary_(ID_Ajzjx47ndAoM2iOIoklt+A)--

-- 
***********************************************************************
Pavel Urban (pavel.urban@ct.cz)
IOL system disaster
Internet OnLine, www.iol.cz (owned by Czech Telecom, www.ct.cz)
***********************************************************************
    Vegetables should not operate electronic equipment.
           Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
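
Added example, not part of the original post: a short Python script that parses the X-Spam-Status header quoted in the message above and reports which rule, taken alone, pushes the score over the threshold. The function names are hypothetical; the header text is copied from the message.

```python
import re
from email import message_from_string

# X-Spam-Status header as quoted in the message above (folded over three lines).
SAMPLE = (
    "X-Spam-Status: Yes, hits=11.206 required=6.31 tests=[ALL_TRUSTED=-3.3,\n"
    "  AWL=0.670, BAYES_00=-2.599, DCC_CHECK=15, HTML_90_100=0.022,\n"
    "  HTML_MESSAGE=0.001, HTML_SHORT_LENGTH=0.389, MIME_HTML_MOSTLY=1.023]\n"
    "\n"
)

def parse_spam_status(raw_message):
    """Return (is_spam, hits, required, {rule: score}) from X-Spam-Status."""
    header = message_from_string(raw_message)["X-Spam-Status"]
    if header is None:
        raise ValueError("no X-Spam-Status header")
    flat = " ".join(str(header).split())  # unfold continuation lines
    m = re.match(
        r"(Yes|No), hits=(-?[\d.]+) required=(-?[\d.]+) tests=\[(.*)\]", flat
    )
    if not m:
        raise ValueError("unrecognised X-Spam-Status layout")
    tests = {}
    for item in m.group(4).split(","):
        if "=" not in item:
            continue  # tolerate an empty tests=[] list
        name, _, score = item.strip().partition("=")
        tests[name] = float(score)
    return m.group(1) == "Yes", float(m.group(2)), float(m.group(3)), tests

def decisive_rules(hits, required, tests):
    """Rules whose removal alone would drop the message below the threshold."""
    return sorted(n for n, s in tests.items() if hits >= required > hits - s)

def report(raw_message):
    is_spam, hits, required, tests = parse_spam_status(raw_message)
    return {
        "is_spam": is_spam,
        "sum_matches_hits": abs(sum(tests.values()) - hits) < 0.01,
        "decisive": decisive_rules(hits, required, tests),
        "score_without_dcc": round(hits - tests.get("DCC_CHECK", 0.0), 3),
    }

if __name__ == "__main__":
    print(report(SAMPLE))
```
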


