Ich betreibe einen Server mit Plesk 8.3.0 auf dem Spamassassin läuft. Grundsätzlich tut der auch gut.
Jedoch ist mir zuletzt nach zunehmender E-Mail-Flut aufgefallen, dass mein Mailaccount auch die Spamassassin-Abweisungsmails anderer Mailaccounts bekommt. Ich verstehe nicht ganz, wieso/warum Spamassassin oder qmail mir E-Mails wie folgende zustellt:
( tardis@servername.de ist mein Mailaccount, vader@servername.de und darth@servername.de sind ein separate, unabhängige Mailaccounts )
Code: Select all
From - Tue Mar 11 12:38:59 2008
X-Account-Key: account2
X-UIDL: UID18342-1151644421
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:
Return-Path: <jim.howard@accureg.com>
Delivered-To: 4-tardis@servername.de
Received: from localhost by s15213467.onlinehome-server.info
with SpamAssassin (version 3.1.8);
Tue, 11 Mar 2008 13:04:31 +0100
From: "Phil Nelson" <jim.howard@accureg.com>
To: <vader@servername.de>
Subject: *****SPAM***** Vier Doosen umsonst
Date: Tue, 12 Mar 2008 14:36:04 +0300
Message-Id: <01c8844e$6660e200$0131334d@jim.howard>
X-Spam-DCC: _DCCB_:_DCCR_
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
servername.de
X-Spam-Level: ********************
X-Spam-Status: Yes, score=20.4 required=7.0 tests=DATE_IN_FUTURE_12_24,
HTML_MESSAGE,INFO_TLD,MSGID_DOLLARS,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,
UNPARSEABLE_RELAY,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_PH_SURBL,URIBL_SC_SURBL
autolearn=no version=3.1.8
X-Spam-Pyzor:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_47D6754F.771A4F28"
This is a multi-part message in MIME format.
------------=_47D6754F.771A4F28
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "servername.de", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
postmaster for details.
Content preview: Spam detection software, running on the system "servername.de",
has identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see postmaster for details.
[...]
Content analysis details: (20.4 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
0.8 INFO_TLD URI: Contains an URL in the INFO top-level domain
0.0 HTML_MESSAGE BODY: HTML included in message
2.2 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: onlinehome-server.info]
3.4 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: dearsalt.com]
2.6 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: dearsalt.com]
3.6 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: dearsalt.com]
2.2 MSGID_DOLLARS Message-Id has pattern used in spam
1.4 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found
1.9 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) found
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_47D6754F.771A4F28
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: (qmail 11764 invoked by uid 110); 11 Mar 2008 13:04:24 +0100
Delivered-To: 4-darth@servername.de
Received: from localhost by servername.de
with SpamAssassin (version 3.1.8);
Tue, 11 Mar 2008 13:04:24 +0100
From: "Phil Nelson" <jim.howard@accureg.com>
To: <vader@servername.de>
Subject: *****SPAM***** Vier Doosen umsonst
Date: Tue, 12 Mar 2008 14:36:04 +0300
Message-Id: <01c8844e$6660e200$0131334d@jim.howard>
X-Spam-DCC: _DCCB_:_DCCR_
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
servername.de
X-Spam-Level: ***********
X-Spam-Status: Yes, score=11.9 required=7.0 tests=DATE_IN_FUTURE_12_24,
HTML_MESSAGE,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL autolearn=no
version=3.1.8
X-Spam-Pyzor:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_47D67548.BAF1526B"
This is a multi-part message in MIME format.
------------=_47D67548.BAF1526B
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "servername.de", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
postmaster for details.
Content preview: Online Apotheke - original Qualitaet - 100% wirksam Spezialangebot:
Vi. 10 Tab. 100 mg + Ci. 10 Tab. x 20 mg 53,82 Euro Vi. 10 Tab. 26,20 Euro
Vi. 30 Tab. 51,97 Euro - Sie sparen: 27,00 Euro Vi. 60 Tab. 95,69 Euro -
Sie sparen: 62,00 Euro Vi. 90 Tab. 136,91 Euro - Sie sparen: 100,00 Euro [...]
Content analysis details: (11.9 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date
0.0 HTML_MESSAGE BODY: HTML included in message
3.4 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: dearsalt.com]
2.6 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: dearsalt.com]
3.6 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: dearsalt.com]
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_47D67548.BAF1526B
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: (qmail 11701 invoked from network); 11 Mar 2008 13:04:14 +0100
Received: from unknown (HELO home-ed67b7ab23) (77.51.49.1)
by servername.de with SMTP; 11 Mar 2008 13:04:13 +0100
Received: from [77.51.49.1] by mail.accureg.com; Tue, 12 Mar 2008 14:36:04 +0300
Message-ID: <01c8844e$6660e200$0131334d@jim.howard>
From: "Phil Nelson" <jim.howard@accureg.com>
To: <vader@servername.de>
Subject: Vier Doosen umsonst
Date: Tue, 12 Mar 2008 14:36:04 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C8844E.6660E200"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
This is a multi-part message in MIME format.
------=_NextPart_000_0007_01C8844E.6660E200
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Online Apotheke - original Qualitaet - 100% wirksam
Spezialangebot: Vi. 10 Tab. 100 mg + Ci. 10 Tab. x 20 mg 53,82 Euro
Vi. 10 Tab. 26,20 Euro
Vi. 30 Tab. 51,97 Euro - Sie sparen: 27,00 Euro
Vi. 60 Tab. 95,69 Euro - Sie sparen: 62,00 Euro
Vi. 90 Tab. 136,91 Euro - Sie sparen: 100,00 Euro
Ci. 10 - 30,00 Euro
Ci. 20 - 59,35 Euro - Sie sparen: 2,00 Euro
Ci. 30 - 80,30 Euro - Sie sparen: 12,00 Euro
- keine versteckte Kosten
- Diskrete Verpackung und Zahlung
- Visa verifizierter Onlineshop
- Kein peinlicher Arztbesuch erforderlich
- Kein langes Warten - Auslieferung innerhalb von 2-3 Tagen
- Kostenlose, arztliche Telefon-Beratung
- Bequem und diskret online bestellen.
Bestellen Sie jetzt und vergessen Sie Ihre Enttauschungen, anhaltende Ver=
sagensaengste und wiederholte peinliche Situationen
Klicken Sie HIER und Sie erhalten vier Dosen umsonst
http://dearsalt.com
------=_NextPart_000_0007_01C8844E.6660E200
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-=
1">
<META content=3D"MSHTML 5.50.4522.1200" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<body><p>Online Apotheke - original Qualität - 100% wirksam</p>
<p><strong>Spezialangebot: Vi.</strong> 10 Tab. 100 mg + <strong>Ci.</str=
ong> 10 Tab. x 20 mg <strong>53,82 Euro </strong></p><p>Vi. 10 Tab. 26,20=
Euro<br>
Vi. 30 Tab. 51,97 Euro - Sie sparen: 27,00 Euro<br>
Vi. 60 Tab. 95,69 Euro - Sie sparen: 62,00 Euro<br>
Vi. 90 Tab. 136,91 Euro - Sie sparen: 100,00 Euro</p>
<p>Ci. 10 - 30,00 Euro<br>
Ci. 20 - 59,35 Euro - Sie sparen: 2,00 Euro<br>
Ci. 30 - 80,30 Euro - Sie sparen: 12,00 Euro</p>
<p>- Kein peinlicher Arztbesuch erforderlich<br>- Visa verifizierter Onli=
neshop<br>- Kostenlose, arztliche Telefon-Beratung<br>- Diskrete Verpacku=
ng und Zahlung<br>- Kein langes Warten - Auslieferung innerhalb von 2-3 T=
agen<br>- Bequem und diskret online bestellen.<br>
- keine versteckte Kosten</p>
<p><span class=3D"yellow">Bestellen Sie jetzt und vergessen Sie Ihre Entt=
äuschungen, anhaltende Versagensängste und wiederholte peinlich=
e Situationen
</span></p><p><strong><a href=3D"http://dearsalt.com" target=3D"_blank">K=
licken Sie HIER und Sie erhalten vier Dosen umsonst</a></strong></p></bod=
y>
</BODY></HTML>
------=_NextPart_000_0007_01C8844E.6660E200--
------------=_47D67548.BAF1526B--
------------=_47D6754F.771A4F28--
Zwar ist tardis@servername.de in Plesk als Admin-Email und Notification-Mails für den Watchdog eingetragen, aber es gibt keinerlei Weiterleitung von vader@servername.de zu tardis@servername.de, oder von darth@servername.de zu vader@servername.de die für eine derart merkwürdige Weiterleitung zu Stande kommen könnte - man achte auf die Delivered-To Header, die da insgesamt 3mal für eine Mail auftauchen.
Hat jemand 'ne Idee?