Spam correctly identified by spamassasin is forwarded to the -owner address..... while not a big problem it is irritating. Suggest deleting if the spam score is above 5 (the normal default for a spam=Yes finding. Will attach a file with all headers....
Description
Event Timeline
Delivered-To: richard@ames.id.au Received: by 10.36.40.198 with SMTP id h189csp1752193ith; Mon, 19 Oct 2015 20:31:39 -0700 (PDT) X-Received: by 10.140.237.72 with SMTP id i69mr1106474qhc.56.1445311899143; Mon, 19 Oct 2015 20:31:39 -0700 (PDT) Return-Path: <mailman-bounces@lists.wikimedia.org> Received: from lists.wikimedia.org (lists.wikimedia.org. [208.80.154.75]) by mx.google.com with ESMTPS id i78si992363qkh.10.2015.10.19.20.31.38 for <richard@ames.id.au> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Oct 2015 20:31:39 -0700 (PDT) Received-SPF: pass (google.com: domain of mailman-bounces@lists.wikimedia.org designates 208.80.154.75 as permitted sender) client-ip=208.80.154.75; Authentication-Results: mx.google.com; spf=pass (google.com: domain of mailman-bounces@lists.wikimedia.org designates 208.80.154.75 as permitted sender) smtp.mailfrom=mailman-bounces@lists.wikimedia.org; dkim=pass header.i=@lists.wikimedia.org; dmarc=fail (p=NONE dis=NONE) header.from=outlook.com DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.wikimedia.org; s=wikimedia; h=Sender:Content-Type:MIME-Version:Message-ID:Subject:Reply-To:From:To:Date; bh=lxOw3Pgtfgo/WDZfa9qasaU2WLD5AaMP2Kmbmn8HYoY=; b=My1D3puY7vwW3aKtdFVMR9BjSCsUv/zFjPuidHuqrMaGa3XoKHg0BVLeGufNAkWK5JzGixXTuSrR4Cf31kaj0Ac5yiQCCf0sLhLY/oRTkghYpNj2EFEMqZHk5lb8eXZYlVSychw7MyoSY0YE+arQeeg/IZF55a1Ghk1oaikI5PU=; Received: from localhost ([::1]:59457 helo=fermium.wikimedia.org) by fermium.wikimedia.org with esmtp (Exim 4.84) (envelope-from <mailman-bounces@lists.wikimedia.org>) id 1ZoNeE-0008Gx-7y for richard@ames.id.au; Tue, 20 Oct 2015 03:31:38 +0000 Received: from [206.253.167.120] (port=40342 helo=s02.out.transpricdomihos.biz) by fermium.wikimedia.org with esmtp (Exim 4.84) (envelope-from <on@out.transpricdomihos.biz>) id 1ZoNeA-0008Go-O5 for wikimedia-l-owner@lists.wikimedia.org; Tue, 20 Oct 2015 03:31:35 +0000 Received: from out.transpricdomihos.biz (localhost.localdomain [127.0.0.1]) by s02.out.transpricdomihos.biz (Postfix) with ESMTPA id 17738342714 for <wikimedia-l-owner@lists.wikimedia.org>; Tue, 20 Oct 2015 07:31:04 +0400 (MSD) Date: Tue, 20 Oct 2015 09:01:04 +0530 To: Wikimedia L Owner <wikimedia-l-owner@lists.wikimedia.org> From: Safe Water <medcheckcare@outlook.com> Reply-To: Safe Water <medcheckcare@outlook.com> Subject: Kind attn Wikimedia L Owner Message-ID: <1989daf66ab92a584715db66dc195eb5@out.transpricdomihos.biz> X-Priority: 3 X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/) MIME-Version: 1.0 Content-Type: multipart/related; boundary="b1_1989daf66ab92a584715db66dc195eb5" Errors-To: mailman-bounces@lists.wikimedia.org Sender: "Wikimedia-l" <mailman-bounces@lists.wikimedia.org> X-Spam-Score: 6.3 (++++++) X-Spam-Report: Spam detection software, running on the system "fermium.wikimedia.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear Wikimedia L Owner, Water Testing packages from Thyrocare How Safe Is Your Water ?? Test Water For Bacteria, Arsenic,Iron, Lead, Pesticides and more.Be Safe.... Test Water for Physical, Chemical, Toxic, Microbiology, Pesticides Volatile at affordable cost [...] Content analysis details: (6.3 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (medcheckcare[at]outlook.com) 1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 T_OBFU_JPG_ATTACH BODY: JPG attachment with generic MIME type 0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 FILL_THIS_FORM Fill in a form with personal information 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information --b1_1989daf66ab92a584715db66dc195eb5 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit <html> <head> </head> <body> <table style="LINE-HEIGHT: 20px; FONT-FAMILY: Verdana, Geneva, sans-serif; FONT-SIZE: 13px" border="0" cellSpacing="0" cellPadding="0" width="650" align="center"> <tbody> <tr> <td><br>Dear Wikimedia L Owner,<br></td> </tr> <tr> <td><br>Water Testing packages from Thyrocare<br></td> </tr> <tr> <td>How Safe Is Your Water ?? Test Water For Bacteria, Arsenic,Iron, Lead, Pesticides and more.Be Safe....<br><br></td> </tr> <tr> <td>Test Water for Physical, Chemical, Toxic, Microbiology, Pesticides Volatile at affordable cost<br><br></td> </tr> <tr> <td><img border="0" src="cid:my-attach" alt="Water Testing packages" width="500" height="646"></td> </tr> <tr> <td style="FONT-SIZE: 13px;" align="left"> Select any one. <br> V3 - 33 Test at INR 1710 - Physical, Chemical, Toxic, Microbiology Test<br> V4 - 49 Test at INR 2280 - V3 + Pesticides<br> V5 - 68 Test at INR 2850 - V4 + Volatile<br> </td> </tr> <tr> <td style="PADDING-BOTTOM: 6px; PADDING-LEFT: 6px; PADDING-RIGHT: 6px; PADDING-TOP: 6px" align="left"> <p><span style="font-family: verdana,geneva;"><span style="font-size: 10pt;">1.Select the Package & fill the below form with Name, Address, Mobile no.and send to <a href="mailto:medcheckcare@outlook.com">medcheckcare@outlook.com</a> </span></span></p> <p><span style="font-family: verdana,geneva;"><span style="font-size: 10pt;">Package Name (Select one out of above 3):-<br /> Name :-<br /> Postal Address:-<br /> Pincode:-<br /> Mobile No:-</span></span></p><p><span style="font-family: verdana,geneva;"><span style="font-size: 10pt;"> 2. Thyrocare representative will call you and fix appointment.<br /> 3. Water samples will be collected from your address.<br /> 4. You need to make the payment to Thyrocare when representative comes to pick up the samples.<br /> 5. Reports will be couriered at your address. We will also email the reports on your email address mentioned while booking. </span></span></p> </td> </tr> <tr> <td style="PADDING-BOTTOM: 6px; PADDING-LEFT: 6px; PADDING-RIGHT: 6px; PADDING-TOP: 6px" align="left">Helpline 092203 43367 (9am to 7pm)</td> </tr> </tbody> </table> </body> </html> --b1_1989daf66ab92a584715db66dc195eb5 Content-Type: application/octet-stream; name="med1.jpg" Content-Transfer-Encoding: base64 Content-ID: <my-attach> Content-Disposition: inline; filename="med1.jpg" <cut>
Mailman has no concept of -owner emails being moderated, which is a major issue with 2.1.x. [basic]
SpamAssassian is not configured to actively reject emails and we have no intention of doing so as it's not the most reliable method of determining off-hand emails plus because people don't support educating it effectively enough (by discarding and accepting mailman moderated messages), it is not the best indicator at all.
The solution would be blacklisting and moderation at the MTA level (exim4) but in this past and still now, we have no intention of doing this as its another arbitrary list operations have to maintain which is great for list y but for list x and z, it does more damage than good.
Unfortunately the answer is, you'll have to handle this on your side :(