New Spam

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Wed Mar 23 10:20:46 GMT 2005


Roger

scanning it through my system (SA 3.02 with lots of SARE rules,
URI-RBL's, couple of normal RBL's, pyzor, bayes etc etc) I get the
following rules triggered..

  1.7 MSGID_FROM_MTA_ID      Message-Id for external message added locally
  2.3 MANGLED_VISIT          BODY: mangled visit
  1.4 FU_TLD_BIZ             URI: FU_TLD_BIZ
  2.5 SARE_SPOOF_OURI        URI: URL has items in odd places
  2.3 BIZ_TLD                URI: Contains an URL in the BIZ top-level domain
  2.5 SARE_SPOOF_COM2OTH     URI: a.com.b.c
  0.1 HTML_TEXT_AFTER_BODY   BODY: HTML contains text after BODY close tag
  0.1 HTML_TAG_EXIST_TBODY   BODY: HTML has "tbody" tag
  0.0 HTML_TEXT_AFTER_HTML   BODY: HTML contains text after HTML close tag
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                             [score: 0.4999]
  0.1 HTML_FONT_BIG          BODY: HTML tag for a big font size
  0.0 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
  4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                             [Blocked - see <http://www.spamcop.net/bl.shtml?219.250.101.252>]
  3.1 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                             [219.250.101.252 listed in sbl-xbl.spamhaus.org]
  1.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
                             [URIs: spacedrugs.com]
  3.2 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                             [URIs: spacedrugs.com]
  1.1 PRIORITY_NO_NAME       Message has priority, but no X-Mailer/User-Agent
  0.9 FM_NO_STYLE            FM_NO_STYLE

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Roger Jochem wrote:
> Hello all!
>
> I've been receiving messages like the attached one for a while now. Is there
> some spamassassin rule that can block this kind of spam? Apparently the
> message, looking at the code, is very different from what is appearing on
> screen. And the original text (that doesn't appear) is always very
> different...
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*
> ------------------------------------------------------------------------
