Problem with adding RBL's DNS timeouts

John Crossan john.crossan at valleypres.org
Tue Feb 8 00:19:27 GMT 2005


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Can some one please help me I can not seem to find the cause of the problem.

We receive way too many spam and viruses from China and Korea.
The rules below worked for making Korean and Chinese spam high scoring spam
when they were first put in place.
They are not working now.

*** begin of RBL Rules here from /etc/MailScanner/spamassassin.prefs.conf

header X_KOREAN_RELAY eval:check_rbl('relay','korea.services.net.')
describe X_KOREAN_RELAY Received via a relay in Korea
score X_KOREAN_RELAY 10

header X_CHINESE_RELAY eval:check_rbl('relay', 'cn.rbl.cluecentral.net.')
describe X_CHINESE_RELAY Received via a relay in China
score X_CHINESE_RELAY 10

*** end of RBL rules


here is a message from 61.84.84.38
The address is in the korean services database

http://korea.services.net/blocked.phtml?addr=61.35.194.108

It looks like I am getting a DNS timeout of 3 seconds, but I have set in
/etc/MailScanner/spamassassin.prefs.conf
rbl_timeout 20


When I try to debug SpamAssassin with the folioing command

/usr/bin/spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf
<message

Debugged output:

[root at clamav 3733A17C3BC]# /usr/bin/spamassassin -x -D -p
/etc/MailScanner/spam.assassin.prefs.conf <message
debug: SpamAssassin version 3.0.1
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/local/sbin', keeping.
debug: PATH included '/usr/local/bin', keeping.
debug: PATH included '/sbin', keeping.
debug: PATH included '/bin', keeping.
debug: PATH included '/usr/sbin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/X11R6/bin', keeping.
debug: PATH included '/usr/local/mysql/bin', keeping.
debug: PATH included '/root/bin', which doesn't exist, dropping.
debug: Final PATH set to:
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:
/usr/local/mysql/bin
debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using "/usr/share/spamassassin" for default rules dir
debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/local.cf
debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered
Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8b531ec)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8b328e8)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8b531ec)
implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
inhibited further callbacks
debug: bayes: 31553 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks
debug: bayes: 31553 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen
debug: bayes: found bayes db version 3
debug: Score set 3 chosen.
debug: received-header: parsed as [ ip=192.6.1.253
rdns=firewall.valleypres.org helo=mail.valleypres.org
by=clamav.valleypres.org ident= envfrom= intl=0 id=3733A17C3BC ]
debug: dns_available set to yes in config file, skipping test
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: looking up PTR record for '61.35.194.108'
debug: PTR for '61.35.194.108': ''
debug: received-header: parsed as [ ip=61.35.194.108 rdns=
helo=61.35.194.108 by=mail.valleypres.org ident= envfrom= intl=0
id=1Cxchw-0008OQ-00 ]
debug: IP is reserved, not looking up PTR: 127.0.0.1
debug: received-header: parsed as [ ip=127.0.0.1 rdns= helo=localhost
by=localhost.csirlyd.com ident= envfrom= intl=0 id= ]
debug: received-header: parsed as [ ip=61.132.103.175 rdns=61.132.103.175
helo=61.132.103.175 by=61.35.194.108 ident= envfrom= intl=0 id= ]
debug: looking up A records for 'clamav.valleypres.org'
debug: A records for 'clamav.valleypres.org': 172.16.14.58
debug: looking up A records for 'clamav.valleypres.org'
debug: A records for 'clamav.valleypres.org': 172.16.14.58
debug: received-header: 'by' clamav.valleypres.org has reserved IP
172.16.14.58
debug: received-header: 'by' clamav.valleypres.org has no public IPs
debug: received-header: relay 192.6.1.253 trusted? yes internal? no
debug: looking up A records for 'mail.valleypres.org'
debug: A records for 'mail.valleypres.org': 172.16.12.253
debug: received-header: 'by' mail.valleypres.org has reserved IP
172.16.12.253
debug: received-header: 'by' mail.valleypres.org has no public IPs
debug: received-header: relay 61.35.194.108 trusted? yes internal? no
debug: received-header: 'from' 127.0.0.1 has reserved IP
debug: looking up A records for 'localhost.csirlyd.com'
debug: A records for 'localhost.csirlyd.com':
debug: received-header: relay 127.0.0.1 trusted? yes internal? no
debug: looking up A records for '61.35.194.108'
debug: A records for '61.35.194.108':
debug: received-header: relay 61.132.103.175 trusted? no internal? no
debug: metadata: X-Spam-Relays-Trusted: [ ip=192.6.1.253
rdns=firewall.valleypres.org helo=mail.valleypres.org
by=clamav.valleypres.org ident= envfrom= intl=0 id=3733A17C3BC ] [
ip=61.35.194.108 rdns= helo=61.35.194.108 by=mail.valleypres.org ident=
envfrom= intl=0 id=1Cxchw-0008OQ-00 ] [ ip=127.0.0.1 rdns= helo=localhost
by=localhost.csirlyd.com ident= envfrom= intl=0 id= ]
debug: metadata: X-Spam-Relays-Untrusted: [ ip=61.132.103.175
rdns=61.132.103.175 helo=61.132.103.175 by=61.35.194.108 ident= envfrom=
intl=0 id= ]
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
implements 'parsed_metadata'
debug: ---- MIME PARSER START ----
debug: main message type: text/html
debug: parsing normal part
debug: added part, type: text/html
debug: ---- MIME PARSER END ----
debug: decoding: other encoding type (8bit), ignoring
debug: uri found: http://www.prismcasino.com/mail/likeawinner/happy.jpg
debug: uri found: http://www.prismcasino.com/mail/likeawinner/logo.gif
debug: uri found: http://www.casinonewsservice.com
debug: uri found: http://www.prismcasino.com/mail/likeawinner/b_join2.gif
debug: uri found: http://www.prismcasino.com/mail/likeawinner/bottom.gif
debug: uri found: http://www.prismcasino.com/mail/likeawinner/join.gif
debug: uri found: http://www.casinonewsservice.com/aff664.html
debug: uri found: http://www.prismcasino.com/mail/likeawinner/blink.gif
debug: uri found: http://www.prismcasino.com/mail/likeawinner/winner2.gif
debug: uri found: http://www.prismcasino.com/mail/likeawinner/1n.gif
debug: uri found: http://www.prismcasino.com/mail/likeawinner/winner.gif
debug: URIDNSBL: domains to query: prismcasino.com casinonewsservice.com
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: all '*From' addrs: mutiduldndk at themackintoshgroup.com
debug: Running tests for priority: 0
debug: running header regexp tests; score so far=0
debug: registering glue method for check_hashcash_double_spend
(Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8b531ec))
debug: registering glue method for check_for_spf_helo_pass
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8b328e8))
debug: SPF: checking HELO (helo=61.132.103.175, ip=61.132.103.175)
debug: SPF: trimmed HELO down to '61.132.103.175'
debug: SPF: cannot check HELO of '61.132.103.175', skipping
debug: registering glue method for check_hashcash_value
(Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8b531ec))
debug: all '*To' addrs: catherine.litten at valleypres.org
debug: registering glue method for check_for_spf_softfail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8b328e8))
debug: SPF: relayed through one or more trusted relays, cannot use
header-based Envelope-From, skipping
debug: registering glue method for check_for_spf_pass
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8b328e8))
debug: registering glue method for check_for_spf_helo_softfail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8b328e8))
debug: forged-HELO: from=61.132.103.175 helo=61.132.103.175 by=61.35.194.108
debug: registering glue method for check_for_spf_fail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8b328e8))
debug: registering glue method for check_for_spf_helo_fail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8b328e8))
debug: running body-text per-line regexp tests; score so far=1.315
debug: running uri tests; score so far=2.716
debug: bayes corpus size: nspam = 6463, nham = 16793
debug: tokenize: header tokens for *M = "  1876981107659655 61 35 194 108 "
debug: tokenize: header tokens for *F = "U*mutiduldndk
D*themackintoshgroup.com D*com"
debug: tokenize: header tokens for To = "U*catherine.litten D*valleypres.org
D*org"
debug: tokenize: header tokens for MIME-Version = " "
debug: tokenize: header tokens for *c = " /html; charset="iso-8859-1""
debug: tokenize: header tokens for Content-Transfer-Encoding = " 8bit"
debug: tokenize: header tokens for *u = " Internet Messaging Program (IMP)
3.2.2"
debug: tokenize: header tokens for X-Originating-IP = " 61.132.103.175"
debug: tokenize: header tokens for *RT = " [ ip=192.6.1.253
rdns=firewall.valleypres.org helo=mail.valleypres.org
by=clamav.valleypres.org ident= envfrom= intl=0 id=3733A17C3BC ] [
ip=61.35.194.108 rdns= helo=61.35.194.108 by=mail.valleypres.org ident=
envfrom= intl=0 id=1Cxchw-0008OQ-00 ] [ ip=127.0.0.1 rdns= helo=localhost
by=localhost.csirlyd.com ident= envfrom= intl=0 id= ]"
debug: tokenize: header tokens for *RU = " [ ip=61.132.103.175
rdns=61.132.103.175 helo=61.132.103.175 by=61.35.194.108 ident= envfrom=
intl=0 id= ]"
debug: tokenize: header tokens for *r = "   61.132.103 ip*61.132.103.175
(61.132.103 ip*61.132.103.175 [61.132.103 ip*61.132.103.175 ]) by 61.35.194
ip*61.35.194.108  (IMP)   HTTP   <catherine.litten at valleypres.org>;"
debug: tokenize: header tokens for *r = "   61.132.103 ip*61.132.103.175
(61.132.103 ip*61.132.103.175 [61.132.103 ip*61.132.103.175 ]) by 61.35.194
ip*61.35.194.108  (IMP)   HTTP   <catherine.litten at valleypres.org>;
unknown (HELO localhost) (127.0.0 ip*127.0.0.1 ) by localhost.csirlyd.com
; "
debug: bayes token 'H*UA:3.2.2' => 0.998560747663551
debug: bayes token 'H*u:3.2.2' => 0.998560747663551
debug: bayes token 'UD:casinonewsservice.com' => 0.998295202952029
debug: bayes token 'sk:casinon' => 0.998295202952029
debug: bayes token 'www.casinonewsservice.com' => 0.998295202952029
debug: bayes token 'wwwcasinonewsservicecom' => 0.998295202952029
debug: bayes token 'UD:www.casinonewsservice.com' => 0.998295202952029
debug: bayes token 'H*RT:127.0.0.1' => 0.012402038762634
debug: bayes token 'competitions' => 0.987150906733285
debug: bayes token 'Thanks' => 0.0173691346180195
debug: bayes token 'Sign' => 0.0209378459820981
debug: bayes token 'UD:bottom.gif' => 0.975148999801698
debug: bayes token 'bottomgif' => 0.975148999801698
debug: bayes token 'bottom.gif' => 0.975148999801698
debug: bayes token 'H*RT:sk:localho' => 0.02864952653931
debug: bayes token '24-48' => 0.965009087146444
debug: bayes token 'H*MI:108' => 0.958
debug: bayes token 'winner.gif' => 0.958
debug: bayes token 'H*MI:sk:1876981' => 0.958
debug: bayes token 'UD:b_join2.gif' => 0.958
debug: bayes token '1n.gif' => 0.958
debug: bayes token 'aff664.html' => 0.958
debug: bayes token 'blinkgif' => 0.958
debug: bayes token 'UD:1n.gif' => 0.958
debug: bayes token 'H*M:sk:1876981' => 0.958
debug: bayes token '$21,972.50' => 0.958
debug: bayes token 'Lightspeed' => 0.958
debug: bayes token 'happyjpg' => 0.958
debug: bayes token 'UD:winner2.gif' => 0.958
debug: bayes token '2197250' => 0.958
debug: bayes token 'slot!' => 0.958
debug: bayes token 'casino' => 0.958
debug: bayes token '$20,985' => 0.958
debug: bayes token 'winning!' => 0.958
debug: bayes token '1286163' => 0.958
debug: bayes token '$20,002.25' => 0.958
debug: bayes token 'blink.gif' => 0.958
debug: bayes token 'UD:blink.gif' => 0.958
debug: bayes token 'Slot!' => 0.958
debug: bayes token 'H*r:ip*61.132.103.175' => 0.958
debug: bayes token 'H*RU:61.132.103.175' => 0.958
debug: bayes token 'happy.jpg' => 0.958
debug: bayes token 'lightspeed' => 0.958
debug: bayes token 'blackjack' => 0.958
debug: bayes token 'Blackjack!' => 0.958
debug: bayes token 'WINNING' => 0.958
debug: bayes token '$12,861.63' => 0.958
debug: bayes token 'UD:prismcasino.com' => 0.958
debug: bayes token 'H*M:108' => 0.958
debug: bayes token 'prism!' => 0.958
debug: bayes token 'H*M:194' => 0.958
debug: bayes token 'shyles' => 0.958
debug: bayes token 'H*RT:sk:1Cxchw-' => 0.958
debug: bayes token 'Casino' => 0.958
debug: bayes token 'winner2gif' => 0.958
debug: bayes token 'UD:join.gif' => 0.958
debug: bayes token 'Blackjack' => 0.958
debug: bayes token 'UD:winner.gif' => 0.958
debug: bayes token '20985' => 0.958
debug: bayes token 'H*MI:194' => 0.958
debug: bayes token 'Slots!' => 0.958
debug: bayes token 'NEXT!!!' => 0.958
debug: bayes token 'slot' => 0.958
debug: bayes token 'HX-Originating-IP:61.132.103.175' => 0.958
debug: bayes token 'slots!' => 0.958
debug: bayes token 'H*r:ip*61.35.194.108' => 0.958
debug: bayes token 'Prism' => 0.958
debug: bayes token 'b_join2.gif' => 0.958
debug: bayes token '$24,500' => 0.958
debug: bayes token 'aff664html' => 0.958
debug: bayes token 'Poker!' => 0.958
debug: bayes token 'b_join2gif' => 0.958
debug: bayes token 'Slots' => 0.958
debug: bayes token 'join.gif' => 0.958
debug: bayes token 'UD:aff664.html' => 0.958
debug: bayes token 'H*r:61.35.194' => 0.958
debug: bayes token 'opted' => 0.958
debug: bayes token '24500' => 0.958
debug: bayes token 'H*F:D*themackintoshgroup.com' => 0.958
debug: bayes token 'H*RT:3733A17C3BC' => 0.958
debug: bayes token '$16,604.84' => 0.958
debug: bayes token 'prism' => 0.958
debug: bayes token 'wwwprismcasinocom' => 0.958
debug: bayes token 'UD:www.prismcasino.com' => 0.958
debug: bayes token '2000225' => 0.958
debug: bayes token 'stud' => 0.958
debug: bayes token 'likeawinner' => 0.958
debug: bayes token 'joingif' => 0.958
debug: bayes token 'Stud' => 0.958
debug: bayes token 'poker!' => 0.958
debug: bayes token 'Shyles' => 0.958
debug: bayes token 'Prism!' => 0.958
debug: bayes token 'H*F:U*mutiduldndk' => 0.958
debug: bayes token 'H*r:61.132.103' => 0.958
debug: bayes token 'blackjack!' => 0.958
debug: bayes token '1ngif' => 0.958
debug: bayes token 'H*RT:61.35.194.108' => 0.958
debug: bayes token '1660484' => 0.958
debug: bayes token 'winner2.gif' => 0.958
debug: bayes token 'Slot' => 0.958
debug: bayes token 'WINNING!' => 0.958
debug: bayes token 'winnergif' => 0.958
debug: bayes token 'next!!!' => 0.958
debug: bayes token 'UD:happy.jpg' => 0.958
debug: bayes token 'H*RU:61.35.194.108' => 0.958
debug: bayes token 'www.prismcasino.com' => 0.958
debug: bayes token 'lot' => 0.044895692042425
debug: bayes token '2448' => 0.95430405388566
debug: bayes token 'H*RT:localhost' => 0.0473872937162061
debug: bayes token 'sign' => 0.0474079192441118
debug: bayes token 'H*r:127.0.0' => 0.049130482849064
debug: bayes token 'H*r:ip*127.0.0.1' => 0.0491841151512138
debug: bayes token 'fred' => 0.0556372736522324
debug: bayes token 'Fred' => 0.060733334043679
debug: bayes token 'H*r:IMP' => 0.933586912131647
debug: bayes token 'received' => 0.0760562450550159
debug: bayes token 'H*r:localhost' => 0.0893318623310851
debug: bayes token 'UD:gif' => 0.901478831666989
debug: bayes token 'send' => 0.0995942422996249
debug: bayes token 'found' => 0.104122394600291
debug: bayes token 'thanks' => 0.106304648610173
debug: bayes token 'could' => 0.108010343053283
debug: bayes token 'H*u:IMP' => 0.891799885344535
debug: bayes token 'H*u:Messaging' => 0.891799885344535
debug: bayes token 'H*UA:Program' => 0.891799885344535
debug: bayes token 'H*UA:IMP' => 0.891799885344535
debug: bayes token 'H*u:Program' => 0.891799885344535
debug: bayes token 'H*UA:Messaging' => 0.891799885344535
debug: bayes token 'unsubscribe' => 0.110265209673694
debug: bayes token 'but' => 0.110585846533574
debug: bayes token 'growing' => 0.110616525759099
debug: bayes token 'immediately' => 0.114143395640858
debug: bayes token 'database' => 0.114667404363985
debug: bayes token 'join' => 0.114691627207864
debug: bayes token 'UD:jpg' => 0.884339732639795
debug: bayes token 'This' => 0.11692315371609
debug: bayes token 'about' => 0.117577720389553
debug: bayes token 'H*u:Internet' => 0.882360014009373
debug: bayes token 'players' => 0.119726772600525
debug: bayes token 'don't' => 0.120864025041217
debug: bayes token 'dont' => 0.121664665868965
debug: bayes token 'Antonio' => 0.127223696110676
debug: bayes token 'next' => 0.12998331962496
debug: bayes token 'list' => 0.135367080923577
debug: bayes token 'this' => 0.138983167668796
debug: bayes token 'those' => 0.139088974059656
debug: bayes token 'winners' => 0.140487093414031
debug: bayes token 'either' => 0.141241110170095
debug: bayes token 'Caribbean' => 0.142036851334444
debug: bayes token 'caribbean' => 0.142036851334444
debug: bayes token 'HTo:U*catherine.litten' => 0.853988921474622
debug: bayes: score = 0.99999978578356
debug: bayes: 31553 untie-ing
debug: bayes: 31553 untie-ing db_toks
debug: bayes: 31553 untie-ing db_seen
debug: registering glue method for check_uridnsbl
(Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4))
debug: Razor2 is not available
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
implements 'check_tick'
debug: URIDNSBL: query for prismcasino.com took 1 seconds to look up
(multi.surbl.org.:prismcasino.com)
debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_AB_SURBL):
127.0.0.96
debug: URIDNSBL: query for casinonewsservice.com took 2 seconds to look up
(multi.surbl.org.:casinonewsservice.com)
debug: URIDNSBL: queries completed: 4 started: 6
debug: URIDNSBL: queries active:  at Mon Feb  7 16:12:29 2005
debug: running raw-body-text per-line regexp tests; score so far=5.733
debug: running full-text regexp tests; score so far=5.733
debug: Razor2 is not available
debug: Current PATH is:
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:
/usr/local/mysql/bin
debug: Pyzor is not available: pyzor not found
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is not available: no executable dccproc found.
debug: Running tests for priority: 500
debug: URIDNSBL: queries completed: 6 started: 6
debug: URIDNSBL: queries active:  at Mon Feb  7 16:12:29 2005
debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL):
"http://www.spamhaus.org/SBL/sbl.lasso?query=SBL18954"
debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL):
"http://www.spamhaus.org/SBL/sbl.lasso?query=SBL15331"
debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up
(sbl.spamhaus.org.:61.9.53.66)
debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL):
"http://www.spamhaus.org/SBL/sbl.lasso?query=SBL13005"
debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up
(sbl.spamhaus.org.:254.151.203.65)
debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL):
"http://www.spamhaus.org/SBL/sbl.lasso?query=SBL13005"
debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up
(sbl.spamhaus.org.:245.151.203.65)
debug: URIDNSBL: domain "prismcasino.com" listed (URIBL_SBL):
"http://www.spamhaus.org/SBL/sbl.lasso?query=SBL19808"
debug: URIDNSBL: query for prismcasino.com took 3 seconds to look up
(sbl.spamhaus.org.:42.212.193.216)
debug: URIDNSBL: domain "prismcasino.com" listed (URIBL_SBL):
"http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12500"
debug: URIDNSBL: query for prismcasino.com took 3 seconds to look up
(sbl.spamhaus.org.:8.228.163.66)
debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up
(sbl.spamhaus.org.:236.251.5.221)
debug: URIDNSBL: queries completed: 6 started: 0
debug: URIDNSBL: queries active:  at Mon Feb  7 16:12:30 2005
debug: RBL: success for 17 of 18 queries
debug: DNS: timeout for relay after 3 seconds
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)
implements 'check_post_dnsbl'
debug: running meta tests; score so far=12.951
debug: running header regexp tests; score so far=12.951
debug: running body-text per-line regexp tests; score so far=12.951
debug: running uri tests; score so far=12.951
debug: running raw-body-text per-line regexp tests; score so far=12.951
debug: running full-text regexp tests; score so far=12.951
debug: Running tests for priority: 1000
debug: running meta tests; score so far=12.951
debug: running header regexp tests; score so far=12.951
debug: running body-text per-line regexp tests; score so far=12.951
debug: running uri tests; score so far=12.951
debug: running raw-body-text per-line regexp tests; score so far=12.951
debug: running full-text regexp tests; score so far=12.951
debug: auto-learn: currently using scoreset 3, recomputing score based on
scoreset 1.
debug: auto-learn: message score: 12.951, computed score for autolearn:
11.065
debug: auto-learn? ham=0.1, spam=12, body-points=9.51, head-points=6.32,
learned-points=1.886
debug: auto-learn? no: inside auto-learn thresholds, not considered ham or
spam
debug: is spam? score=12.951 required=5
debug:
tests=BAYES_99,HTML_80_90,HTML_EVENT_UNSAFE,HTML_FONT_BIG,HTML_IMAGE_RATIO_0
6,HTML_MESSAGE,HTML_SHOUTING3,MARKETING_PARTNERS,MIME_HTML_ONLY,RCVD_BY_IP,R
CVD_IN_DSBL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,URIBL_AB_SURBL,URIBL_SBL
debug:
subtests=__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CTYPE_HTML,__HAS_MSGID,__HAS_SU
BJECT,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSGID_R
ANDY,__RATWARE_0_TZ_DATE,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_CENTER,
__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META,__USER_AGENT
Received: from localhost by clamav.valleypres.org
        with SpamAssassin (version 3.0.1);
        Mon, 07 Feb 2005 16:12:30 -0800
From: "Emm" <mutiduldndk at themackintoshgroup.com>
To: "Tina" <catherine.litten at valleypres.org>
Subject: find your fortune now!
Date: Sun, 6 Feb 2005 03:14:15 +0000
Message-Id: <1876981107659655 at 61.35.194.108>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on
        clamav.valleypres.org
X-Spam-Level: ************
X-Spam-Status: Yes, score=13.0 required=5.0 tests=BAYES_99,HTML_80_90,
        HTML_EVENT_UNSAFE,HTML_FONT_BIG,HTML_IMAGE_RATIO_06,HTML_MESSAGE,
        HTML_SHOUTING3,MARKETING_PARTNERS,MIME_HTML_ONLY,RCVD_BY_IP,
        RCVD_IN_DSBL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,URIBL_AB_SURBL,URIBL_SBL
        autolearn=no version=3.0.1
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_420803EE.E191ABC4"

This is a multi-part message in MIME format.

------------=_420803EE.E191ABC4
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "clamav.valleypres.org", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
john.crossan at valleypres.org for details.

Content preview:  casinonewsservice Prism Casino is the place to be for
  players who are serious about WINNING! Sign up today and join the
  growing list of players who have found their fortune at Prism! WINNERS
  player won game Fred S. won $24,500 on Blackjack! Antonio A. won
  $21,972.50 on Video Poker! Irene B. won $20,985 on Slots! Shyles G. won
  $20,002.25 on Blackjack & Caribbean Stud Poker! Valerie T. won
  $16,604.84 on Slots! Bonnie M. won $12,861.63 on Lightspeed Slot! [...]

Content analysis details:   (13.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- ------------------------------------------------
--
 0.1 RCVD_BY_IP             Received by mail server with no name
 1.2 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
 1.4 MARKETING_PARTNERS     BODY: Claims you registered with a partner
 0.1 HTML_IMAGE_RATIO_06    BODY: HTML has a low ratio of text to image area
 0.1 HTML_80_90             BODY: Message is 80% to 90% HTML
 0.0 HTML_SHOUTING3         BODY: HTML has very strong "shouting" markup
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTML_FONT_BIG          BODY: HTML tag for a big font size
 1.9 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 0.2 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.5 HTML_EVENT_UNSAFE      BODY: HTML contains unsafe auto-executing code
 3.8 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                            [<http://dsbl.org/listing?61.35.194.108>]
 2.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [61.35.194.108 listed in sbl-xbl.spamhaus.org]
 1.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: prismcasino.com casinonewsservice.com]
 0.4 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: casinonewsservice.com]

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


------------=_420803EE.E191ABC4
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

Received: from mail.valleypres.org (firewall.valleypres.org [192.6.1.253])
        by clamav.valleypres.org (Postfix) with ESMTP id 3733A17C3BC
        for <catherine.litten at valleypres.org>; Sat,  5 Feb 2005
19:03:33 -0800 (PST)
Received: from [61.35.194.108] (helo=61.35.194.108)
        by mail.valleypres.org with esmtp (Exim 3.13 #5)
        id 1Cxchw-0008OQ-00
        for catherine.litten at valleypres.org; Sat, 05 Feb 2005 19:03:32 -0800
Received: from unknown (HELO localhost) (127.0.0.1)
    by localhost.csirlyd.com with SMTP; Sun, 6 Feb 2005 03:14:15 +0000
Received: from 61.132.103.175 (61.132.103.175[61.132.103.175])
       by 61.35.194.108 (IMP) with HTTP
       for <catherine.litten at valleypres.org>;Sun, 6 Feb 2005 03:14:15 +0000
Message-ID: <1876981107659655 at 61.35.194.108>
From: "Emm" <mutiduldndk at themackintoshgroup.com>
To: "Tina" <catherine.litten at valleypres.org>
Subject: find your fortune now!
Date: Sun, 6 Feb 2005 03:14:15 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.2
X-Originating-IP: 61.132.103.175

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list