Fwd: WINNING NOTIFICATION /FINAL NOTICE
Craig Daters
craig at WESTPRESS.COM
Mon Jun 21 22:10:44 IST 2004
Can anyone tell me why MailScanner found this message to be clean
when SpamAssassin obviously did not? Where in my MailScanner config
can I change this? MailScanner gave this message a score of 6.8
according to MailWatch, and SpamAssassin gave it 20.5
Offending message follows:
>Return-Path: <newwaveslotto73 at bigpond.com>
>Received: from mta06ps.bigpond.com (mta06ps.bigpond.com [144.135.25.160])
> by elrond.westpress.com (8.12.8/8.12.8) with ESMTP id i5LJmbA6020608
> for <craig at westpress.com>; Mon, 21 Jun 2004 12:48:38 -0700
>Received: from lerc-daemon.mta06ps.email.bigpond.com by
> mta06ps.email.bigpond.com
> (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
> id <0HZO00IE58YII3 at mta06ps.email.bigpond.com> for craig at westpress.com; Tue,
> 22 Jun 2004 04:35:16 +1000 (EST)
>Received: from email.bigpond.com ([172.26.103.22]) by
>mta06ps.email.bigpond.com
> (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
> with ESMTP id <0HZO006ES8YBSV at mta06ps.email.bigpond.com>; Tue,
> 22 Jun 2004 04:34:59 +1000 (EST)
>Received: from [192.168.115.149] (Forwarded-For: 62.177.137.205)
> by mailms13ps.email.bigpond.com (mshttpd); Mon, 21 Jun 2004 20:34:59 +0200
>Date: Mon, 21 Jun 2004 20:34:59 +0200
>From: newwaveslotto73 <newwaveslotto73 at telstra.com>
>Subject: WINNING NOTIFICATION /FINAL NOTICE
>Message-id: <279b8932797417.2797417279b893 at email.bigpond.com>
>MIME-version: 1.0
>X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.26 (built Mar 31 2004)
>Content-type: text/plain; charset=us-ascii
>Content-language: en
>Content-transfer-encoding: 7BIT
>Content-disposition: inline
>X-Accept-Language: en
>Priority: normal
>X-WestPress-MailScanner: Found to be clean
>X-WestPress-MailScanner-SpamScore: ssssss
>X-Spam-DCC: :
>X-Spam-Flag: YES
>X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on elrond.westpress.com
>X-Spam-Level: ********************
>X-Spam-Status: Yes, hits=20.5 required=7.5 tests=BIZ_TLD,BigEvilList_143,
> BigEvilList_RX,BigEvilList_infob,DOMAIN_4U2,FROM_ENDS_IN_NUMS,
> HOT_NASTY,J_CHICKENPOX_12,J_CHICKENPOX_16,J_CHICKENPOX_22,
> J_CHICKENPOX_42,J_CHICKENPOX_45,LINES_OF_YELLING,MAILTO_TO_REMOVE,
> MAILTO_TO_SPAM_ADDR,SARE_HTML_URI_ATWWW,SARE_TOCC_NONE,SUBJ_ALL_CAPS,
> TW_JJ,TW_JL,TW_MK,TW_MV,TW_SG,TW_TB,TW_VK,TW_VZ,USERPASS,USER_4U2
> autolearn=no version=2.63
>X-Spam-Report:
> * 0.9 FROM_ENDS_IN_NUMS From: ends in numbers
> * 0.1 TW_TB BODY: Odd Letter Triples with TB
> * 0.6 J_CHICKENPOX_22 BODY: {2}Letter - punctuation - {2}Letter
> * 0.6 J_CHICKENPOX_16 BODY: {1}Letter - punctuation - {6}Letter
> * 0.1 TW_MK BODY: Odd Letter Triples with MK
> * 0.1 TW_VK BODY: Odd Letter Triples with VK
> * 0.6 J_CHICKENPOX_42 BODY: {4}Letter - punctuation - {2}Letter
> * 0.1 TW_MV BODY: Odd Letter Triples with MV
> * 0.6 DOMAIN_4U2 BODY: Domain name containing a "4u" variant
> * 0.1 TW_VZ BODY: Odd Letter Triples with VZ
> * 0.1 TW_JJ BODY: Odd Letter Triples with JJ
> * 1.7 USER_4U2 BODY: Local part containing a "4u" variant
> * 0.1 TW_JL BODY: Odd Letter Triples with JL
> * 0.1 TW_SG BODY: Odd Letter Triples with SG
> * 0.0 HOT_NASTY BODY: Possible porn - Hot, Nasty, Wild, Young
> * 0.6 J_CHICKENPOX_12 BODY: {1}Letter - punctuation - {2}Letter
> * 0.6 J_CHICKENPOX_45 BODY: {4}Letter - punctuation - {5}Letter
> * 0.0 LINES_OF_YELLING BODY: A WHOLE LINE OF YELLING DETECTED
> * 1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely
>spammer email
> * 3.1 USERPASS URI: URL contains username and (optional) password
> * 0.7 SARE_HTML_URI_ATWWW URI: Funny WWW address.
> * 0.0 MAILTO_TO_REMOVE URI: Includes a 'remove' email address
> * 0.8 BIZ_TLD URI: Contains a URL in the BIZ top-level domain
> * 3.0 BigEvilList_infob URI: Generated BigEvilList_infob
> * 3.0 BigEvilList_143 URI: Generated BigEvilList_143
> * 0.7 BigEvilList_RX URI: Domain ending in RX or Drug found.
> * 0.6 SUBJ_ALL_CAPS Subject is all capitals
> * 0.8 SARE_TOCC_NONE No To header found in email
>Status:
>
>
>annecard_cuba at yahoo.com.br, lopesmendes6 at hotmail.com,
>transcor at cvtelecom.cv, moreiratony at hotmail.com,
>electromec at cvtelecom.cv, lopescabral at hotmail.com,
>anthonobel at yahoo.com, arlindo_veiga at mail.com,
>arlindo_veiga at hotmail.com, amtavares-1960 at netcabo.pt,
>artemisamarques at yahoo.com.br, artursemedo337 at hotmail.com,
>crasyt197 at hotmail.com, jubarga51 at hotmail.com,
>kizisoares at hotmail.com, beneditamendes at hotmail.com,
>bnova at cvtelecom.cv, miuca21 at yahoo.com, creolacarla at yahoo.com,
>daveigacarla at hotmail.com, carlossanches290 at hotmail.com,
>anjos at cvtelecom.cv, djime at hotmail.com, baysceline at hotmail.com,
>tchilacbeicker883 at hotmail.com, celitaaa at hotmail.com,
>plata at cvtelecom.cv, teticuba at hotmail.com,
>rentcarclassic at cvtelecom.cv, senaclaudia at hotmail.com,
>capeverdebrownsugar at hotmail.com, confortes20 at hotmail.com,
>csline-praia-cv at cvtelecom.cv, davidvarandinha at sapo.pt,
>dtavares at cvtelecom.cv, danilsonfreire2 at hotmail.com,
>paradelawilson at hotmail.com, kaiocesar at uai.com.br,
>carolina_mendes at msn.com, t, ascheinberg at masseyservices.com,
>stuartf at datacom.co.nz, jthompso at mbvlab.wpafb.af.mil,
>afreyman at dsw.net, wallace.nathan at microlinear.com,
>59cobalt at planetcobalt.net, tgnovo at ig.com.br, , rsantos at fcsh.unl.pt,
>mtvaz at ualg.pt, mixbrasil at uol.com, sanmac at servidor.unam.mx,
>repc at servidor.unam.mx, jlseefoo at hotmail.com, cciamali at uol.com.br,
>fcruz at uol.com.br, helenahirata99 at aol.com, elsonsp at rc.unesp.br
[ Rest of message clipped ]
--
--
Craig Daters (craig at westpress dot com)
Systems Administrator
West Press Printing
1663 West Grant Road
Tucson, Arizona 85745-1433
Tel: 520-624-4939
Fax: 520-624-2715
www.westpress.com
--
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list