Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - keywords filter
  FAQ FAQ  Forum Search   Register Register  Login Login

keywords filter

 Post Reply Post Reply
Author
vrspock View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote vrspock Quote  Post ReplyReply Direct Link To This Post Topic: keywords filter
    Posted: 06 January 2006 at 8:54am

I've noticed this on a few occassions and just had another instance of it.  Periodically, spamfilter seems to allow an email to slip through that contains a black listed keyword within the body of the email.  At first I thought perhaps my server was  overloaded and spamfilter just skipped over the keyword filter somehow, but after catching several of these I began to take a deeper look into what's going on.

After investigating and scratching my head a few times, I decided to go onto the actual mail server and open the corresponding .mai file with notedpad for a truely raw view of the email in question.  Here's what I found out...Outlook is rendering the emails as plain text.  Webmail also renders the emails as "normal" looking emails, however, upon inspecting the .mai file the email appears to be using some sort of uuencoding through out the body of the message that is allowing it to completely slip through despite that it appears to be laced with plain text keywords that I have black listed.  Anyone got any ideas on how to combat these?  See sample below.

Received: from noah ([10.14.10.18]) by v-sources.com with MailEnable ESMTP; Thu, 05 Jan 2006 19:34:40 -0500
Received: from 151.203.109.90 by v-sources.com (LogSat Software SMTP Server) Thu, 5 Jan 2006 19:34:37 -0500
Message-ID: <IIBDOMPFDHDCOEFHNEDPNPOECGAB.merrill_gorman_lk@fyi.net>
From: "Merrill Gorman" <merrill_gorman_lk@fyi.net>
To: fdickey@v-sources.com
Subject: Stock Market Standouts
Date: Thu, 05 Jan 2006 22:33:44 +0000
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: base64
X-Server: LogSat Software SMTP Server
X-SF-RX-Return-Path: <merrill_gorman_lk@fyi.net>
X-SF-HELO-Domain: amfam.com
X-Read: 1

Vmlub2JsZSBJbmMuIChWTkJMLm9iKQ0KDQpBIE1BU1NJVkUgTUFSS0VUSU5H
IENBTVBBSUdOIEhBUyBCRUdVTiBGT1IgRlJJREFZIEpBTiA2VEggDQpBTkQg
R09JTkcgSU5UTyBUSEUgUkVTVCBPRiBUSEUgV0VFSy4gV0UgRkVFTCBJVFMg
R09JTkcgVE8NCkhJVCBPVkVSIDIwMCUgR0FJTiBUSElTIFdFRUsgV0lUSCBB
TEwgVEhFIE5FVyBJTlZFU1RPUlMgDQpBTkQgTkVXIEJJRyBORVdTIEZPUiBU
SEUgTkVXIFlFQVIuDQoNCioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioNClRISVMgT05FIElTIEdP
SU5HIFRPIEJFIEEgSFVHRSBQTEFZRVIgU1RBUlRJTkcgVE9NTU9ST1chIQ0K
QU5EIFdFIDEwMCUgU0FZIFBVVCBUSElTIE9ORSBPTiBZT1VSIFJBREFSLg0K
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKg0KDQpTeW1iMGw6IFZOQkwNClByaWNlOiAuMDQNClNo
b3J0X1Rlcm06IC4wOQ0KTG9uZ19UZXJtOiAuMjANClJlY29tbWVuZGF0aTBu
OiAoQlVZKQ0KDQpCVVlfQUxFUlQgSVNTVUVEIEZPUiBGUklEQVkgSkFOIDZU
SCAhDQpBQ1QgUVVJQ0sgRE9OVCBXQUlUOyBWRVJZIFNUUk9ORyBHQUlOUyBF
WFBFQ1RFRCBUT01NT1JPVw0KQU5EIEVTUEVDSUFMTFkgTU9OREFZIEdFVCBJ
TiBFQVJMWSAhIQ0KDQpUbyBBbGwgTWVtYmVyczoNCkFmdGVyIGV4dGVuc2l2
ZSByZXNlYXJjaCB3ZSBoYXZlIHBpY2tlZCBvdXIgQmVzdCB3aW5uZXIgZm9y
IHRoZSANCmJlZ2lubmluZyBvZiB0aGUgeWVhci4gSXQgaXMgZ29pbmcgdG8g
YmUgb24gdGhlIG1vdmUgYW5kIE5PVCBzdG9wcGluZy4gDQpEbyBOb3QgTWlz
cyB0aGlzIG9wcG9ydHVuaXR5IHRvIHR1cm4geW91ciA1MDAgaW50byAyNTAw
IG9yIDEwMDAgaW50byANCjUsMDAwLiBSZW1lbWJlciB0aGlzIGlzIHlvdXIg
Y2hhbmNlIHRvIGNhc2ggaW4gZm9yIHRoZSBiZWdpbm5pbmcgb2YgdGhlIHll
YXIuDQoNCldoYXQgd2UgYWxsIGtub3c6DQoNCiAtIEFtZXJpY2EgaXMgaW52
b2x2ZWQgaW4gYSB3YXIgb24gdGVycm9yLg0KIC0gV29ybGQgb2lsIHByaWNl
cyBhcmUgaG9sZGluZyBzdHJvbmcgYXQgcmVjb3JkIGxldmVscy4NCiAtIHdv
cmxkIGdvbGQgcHJpY2VzIGFyZSBob2xkaW5nIHN0cm9uZyBhdCByZWNvcmQg
bGV2ZWxzLg0KDQpBbmQgaGVyZSBjb21lcyBWaW5vYmxlIGluIHRoZSByaWdo
dCBwbGFjZSBhdCB0aGUgcmlnaHQgdGltZToNCg0KVk5CTCBoYXMgYmVlbiB3
b3JraWduIHdpdGggUkZJRCAoUmFkaW8gRnJlcXVlbmN5IElEKSBhcyBpdA0K
cmVhbGF0ZXMgdG8gdGhlIG9pbCBhbmQgbWluaW5nIGluZHVzdHJ5LiBUaGlz
IHRlY2hub2xvZ3kgYWxsb3dzDQpmb3IgcmVtb3RlIHRyYWNraW5nIG9mIGFz
c2V0cywgcGVyc29ubmVsLCBhbmQgZW52aW9ybWVudGFsDQpjb25kaXRpb25z
Lg0KDQpSRklEIHRoZWNub2xvZ3kgY2FuIGNyZWF0ZSAiSGlnaCBTZWN1cml0
eSBTcGFjZSIgaW4gbG9jYWxlcw0Kd2hlcmUgaXQgaXMgZGVlbWVkIG5lY2Vz
c2FyeS4gV2l0aCB0aGUgY3VycmVudCB0aHJlYXQgdG8gQW1lcmljYQ0KYW5k
IGl0cyByZXNvdXJjZXMgUkZJRCB0ZWNobm9sb2d5IGlzIGJlaW5nIGRlcGxv
eWVkIGFsbCBvdmVyDQp0aGUgY291bnRyeS4NCg0KVmlub2JsZSBoYXMgcmVj
ZW50bHkgYWNxdWlyZWQgYW4gaW50ZXJlc3QgaW4gYSBudW1iZXIgb2Ygb2ls
DQphbmQgbWluaW5nIHByb2plY3RzLCB3aXRoIGludGVudCBvZiB1c2luZyB0
aGVzZSBwcm9wZXJ0aWVzIGFzIGENCnRlc3RpbmcgZ3JvdW5kIGZvciB0aGVp
ciB0ZWNobm9sb2d5IGFzIHdlbGwgYXMgYWRkIHNoYXJlaG9sZGVyDQp2YWx1
ZS4NCg0KV2UgYmVsaWV2ZSB0aGF0IFZpbm9ibGUgaGFzIGFuIGltcHJlc3Np
dmUgcHJvZHVjdCBhdCB0aGUgcmlnaHQNCnRpbWUuIE1ha2Ugc3VyZSB5b3Ug
a2VlcCBhIGV5ZSBvbiB0aGlzIGNvbXBhbnkgZXNwZWNpYWxseSB0b21tb3Jv
dyENCg0KVGhlIHN0b2NrIGlzIGN1cnJlbnRseSB0cmFkaW5nIGF0IGFyb3Vu
ZCA0LTUgY2VudHMuIEF0IHRoaXMgcHJpY2UgDQppdCBjb3VsZCBtZWFuIGxh
cmdlIHByb2ZpdHMgaW4gdGhlIHZlcnkgbmVhciBmdXR1cmUuDQoNCg0KV2Ug
YmVsaWV2ZSB0aGVyZSBpcyBsaXR0bGUgdGltZSBsZWZ0IHRvIGdldCBpbiBv
biB0aGlzIHN0b2NrIGJlZm9yZSBpdCB0YWtlcw0Kb2ZmLiBUaGlzIHN0MGNr
IGlzIGJyZXdpbmcgaW4gdGhlIG1vc3QgcHJvZml0aW5nIGluZHVzdHJpZXMg
aW4gdGhlIG1hcmtldC4NCkp1c3QgaW1hZ2luZSBob3cgbXVjaCBpdCB3aWxs
IHRha2Ugb2ZmIGluIHRoZSBuZXcgeWVhciBhcyB0aGUgbWFya2V0IHRha2Vz
DQpvZmYgYWdhaW4uDQoNCioqR09PRCBMVUNLLCBBY3QgUXVpY2shIS4uIEFO
RCBUUkFERSBBVCBUSEUgVE9QKioNCg0KX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCg0KSW5mb3JtYXRpMG4g
d2l0aGluIHRoaXMgZW1haXwgYzBudGFpbnMgImYwcnc0cmRfbDAwa2luZw0K
c3Q0dGVtZW50cyIgd2l0aGluIHRoZSBtZWFuaW5nIG9mIFNlY3Qxb24gMjdB
X29mIHRoZQ0KU2VjdXIxdDFlc19BY3Qgb2ZfMTkzMyBhbmQgU2VjdDEwbiAy
MUIgb2YgdGhlX1NlY3VyMXQxZXMNCkV4Y2g0bmdlX0FjdCBvZl8xOTM0LiBB
bnlfc3Q0dGVtZW50cyB0aGF0IGV4cHJlc3Mgb3INCmludjB8dmUgZGlzY3Vz
c2kwbnMgd2l0aCByZXNwZWN0IHRvIHByZWRpY3RpMG5zLF9nMGFscywNCmV4
cGVjdGF0aTBucywgYmV8aWVmcywgcHxhbnMsIHByMGplY3RpMG5zLCAwYmpl
Y3RpdmVzDQosYXNzdW1wdGlvbnMgb3IgZnV0dXJlIGV2ZW50cyBvciBwZXJm
b3JtYW5jZSBhcmUgbm90DQpzdGF0ZW1lbnRzIG9mIGhpc3QwcmljYWwgZmFj
dCBhbmQgbWF5IGJlICJmMHJ3NHJkDQpsMDBrMW5nIHN0YXRlbWVudHMuIklu
IGMwbXBsaWFuY2Ugd2l0aCBTZWN0MTBuXzE3KGIpLA0Kd2UgZGlzY3xvc2Ug
dGhlIHA0eW1lbnQgb2ZfMTVPT08gZG98fGFycyBwcmkwciB0byB0aGUNCnB1
YnxpY2F0aW9uIG9mIHRoaXMgcmVwb3J0LiBCZSBhd2FyZSBvZiBhbiBpbmhl
cmVudA0KY29uZmxpY3Qgb2YgaW50ZXJlc3QgcmVzdWx0aW5nIGZyb20gc3Vj
aCBwNHltZW50LiA=

 

 

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.