worm emails marked as possible spam

IT Dept itdept at FRACTALWEB.COM
Fri Dec 2 00:57:42 GMT 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:

>I looked for one of these and got the following scores;
>3.50	BAYES_99	Bayesian spam probability is 99 to 100%
>2.17	DCC_CHECK	Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>0.77	DIGEST_MULTIPLE	Message hits more than one network digest check
>0.20	DNS_FROM_RFC_ABUSE	Envelope sender in abuse.rfc-ignorant.org
>1.45	DNS_FROM_RFC_WHOIS	Envelope sender in whois.rfc-ignorant.org
>0.14	FORGED_RCVD_HELO	Received: contains a forged HELO
>1.61	MISSING_MIMEOLE	Message has X-MSMail-Priority, but no X-MimeOLE
>0.96	NO_REAL_NAME	From: does not include a real name
>2.70	PRIORITY_NO_NAME	Message has priority, but no user agent name
>1.50	RAZOR2_CF_RANGE_51_100	Razor2 gives confidence level above 50%
>1.50	RAZOR2_CF_RANGE_E4_51_100	Razor2 gives engine 4 confidence level
>above 50%
>0.50	RAZOR2_CHECK	Listed in Razor2 (http://razor.sf.net/)
>1.00	RCVD_IN_JAMM	Received via a relay in JAMMConsulting
>1.50	RCVD_IN_NJABL_DUL	NJABL: dialup sender did non-local SMTP
>2.05	RCVD_IN_SORBS_DUL	SORBS: sent directly from dynamic IP address
>1.38	SPF_SOFTFAIL	SPF: sender does not match SPF record (softfail)
>Spamassassin Score: 22.92
>Maybe you need some more tuning?

Not only do I likely need tuning, my spamassasin likely does as well. :-)

I'm running Bayes, DCC, Razor. My scores for this worm aren't nearly 
that high. Are you running custom rulesets as well? Other plugins?


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list