I can not seem to stop these emails...

Rob rob at THEHOSTMASTERS.COM
Mon Nov 7 15:09:41 GMT 2005 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Wow ok , so what am i doing wrong?? here are my rule sets i use....

[ "${TRUSTED_RULESETS}" ] || \
        TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG 
SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \
 SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF 
SARE_REDIRECT_POST300 \
  BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ";


P.S. How do you test that email with MS or SA, you run a command line thingy 
or something?


my results in my email headers were this...

X-Stewy-Dido-Internet-MailScanner: Found to be clean
X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam,
 SpamAssassin (score=0.174, required 4, BAYES_50 0.00,
 HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03)
X-MailScanner-From: harsccsxgqashleigh at infofin.com

Thanks for your help..

Rob Morin
Dido Internet Inc.
Montreal, Canada
514-990-4444
http://www.dido.ca

----- Original Message ----- 
From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Monday, November 07, 2005 10:00 AM
Subject: Re: I can not seem to stop these emails...


> Rob
>
> Results for 1...
>
> Content analysis details:   (6.1 points, 5.0 required)
>
> pts rule name              description
> ---- ----------------------
> --------------------------------------------------
> 2.3 FROM_LOCAL_NOVOWEL     From: localpart has series of non-vowel letters
> 0.0 HTML_MESSAGE           BODY: HTML included in message
> 2.8 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
> 0.0 UPPERCASE_25_50        message body is 25-50% uppercase
> 0.9 FM_NO_STYLE            FM_NO_STYLE
>
>
> And 2..
>
> Content analysis details:   (7.7 points, 5.0 required)
>
> pts rule name              description
> ---- ----------------------
> --------------------------------------------------
> 0.0 HTML_MESSAGE           BODY: HTML included in message
> 2.8 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
> 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>                [Blocked - see
> <http://www.spamcop.net/bl.shtml?85.160.10.61>]
> 0.0 UPPERCASE_25_50        message body is 25-50% uppercase
> 0.9 FM_NO_STYLE            FM_NO_STYLE
>
>
> Would have triggered my spamrules, but not my high spam..
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>> Behalf Of Rob
>> Sent: 07 November 2005 14:47
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: [MAILSCANNER] I can not seem to stop these emails...
>>
>> Right i have that, although it seems to be over a year old.... . These
>> emails are kind of new with respect to how they are made... the word
>> Viagra is not in the email at all so i guess that rule will not work,
>> although Viagra does show in the email when its viewed...
>>
>> you can see 2 examples of the emails here...
>>
>> http://www.dido.ca/spam/drug.txt
>>
>> Thanks...
>>
>>
>>
>> Rob Morin
>> Dido Internet Inc.
>> Montreal, Canada
>> 514-990-4444
>> http://www.dido.ca
>>
>>
>> ----- Original Message -----
>> From: Aaron K. Moore <mailto:amoore at DEKALBMEMORIAL.COM>
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Sent: Monday, November 07, 2005 9:01 AM
>> Subject: Re: I can not seem to stop these emails...
>>
>> I'm running Matt Kettler's anti-drug rule set which is available
>> from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using
>> Rules Du Jour.
>> It seems to catch most of them for me.
>>
>> --
>> Aaron Kent Moore
>> Information Technology Services
>> DeKalb Memorial Hospital, Inc.
>> Auburn, IN
>> E-mail:  amoore at dekalbmemorial.com
>> <mailto:amoore at dekalbmemorial.com>
>>
>>
>>
>> ________________________________
>>
>> From: MailScanner mailing list
>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rob
>> Sent: Monday, November 07, 2005 8:46 AM
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: [MAILSCANNER] I can not seem to stop these
> emails...
>>
>>
>> ...
>>
>> These darn Viagra emails..
>>
>> They always come through as no spam... i get about 20 a day
>> and so do my clients.... what do you guys do about this if the rules do
>> not catch it....
>>
>> Thanks..
>>
>>
>>
>> Return-Path: <fif at danknapp.com>
>> X-Original-To: rob at thehostmasters.com
>> Delivered-To: rob at thehostmasters.com
>> Received: from danknapp.com (ip-85-160-10-61.eurotel.cz
>> [85.160.10.61])
>> by stewy (Postfix) with SMTP id 6DF82BF4E
>> for <rob at thehostmasters.com>; Sun,  6 Nov 2005 17:55:33
> -0500
>> (EST)
>> Message-ID: <000401c5e325$59370400$89faa8c0 at oatcake>
>> From: "Tzviya Fife" <fif at danknapp.com>
>> To: "Enola Kimbrough" <rob at thehostmasters.com>
>> Subject: Re: Marcuss cool info
>> Date: Sun, 6 Nov 2005 17:56:40 -0500
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>> boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00"
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook Express 6.00.2800.1106
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
>> X-Stewy-Dido-Internet-MailScanner: Found to be clean
>> X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam,
>> SpamAssassin (score=0.174, required 4, BAYES_50 0.00,
>> HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03)
>> X-MailScanner-From: fif at danknapp.com
>>
>> This is a multi-part message in MIME format.
>>
>> ------=_NextPart_000_0001_01C5E2FB.7060FC00
>> Content-Type: text/plain;
>> charset="us-ascii"
>> Content-Transfer-Encoding: quoted-printable
>>
>> V C A X P V
>> A I m a r I
>> L A b n o A
>> I L i a z G
>> U I e x a R
>> M S n   c A
>> $85,45 $99,95       $69,95
>> http://lemenartedahluleta.tripod.com
>>
>>
>>
>>
>> Rob...
>> http://www.stupidguytalk.org
>>
>>
>> ------------------------ MailScanner list
> --------------------
>> ----
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the
> words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki
> (http://wiki.mailscanner.info/)
>> and the archives
>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the
>> website!
>>
>>
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/)
>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/)
>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website! 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list