I can not seem to stop these emails...
Martin Hepworth
martinh at SOLID-STATE-LOGIC.COM
Mon Nov 7 15:32:43 GMT 2005
Rob
My RDJ TRUSTED sets are..
TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 SARE_RANDOM
RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_BML SARE_URI0 SARE_URI1 SARE_URI3
SARE_URI_ENG SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM
SARE_HEADER0 SARE_HEADER2 SARE_CODING SARE_SPECIFIC SARE_REDIRECT_POST300
SARE_GENLSUBJ SARE_UNSUB SARE_OBFU SARE_OBFU2 SARE_OBFU3 SARE_WHITELIST
SARE_WHITELIST_SPF SARE_WHITELIST_RCVD ZMI_GERMAN";
I've also got pyzor, a couple RBL's and all the URI-RBLs turned in
(including the black and grey).
I ran SA to get these with the -p set to my spam.assassin.prefs.conf..
spamaassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Rob
> Sent: 07 November 2005 15:10
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] I can not seem to stop these emails...
>
> Wow ok , so what am i doing wrong?? here are my rule sets i use....
>
> [ "${TRUSTED_RULESETS}" ] || \
> TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG
> SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \
> SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF
> SARE_REDIRECT_POST300 \
> BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ";
>
>
> P.S. How do you test that email with MS or SA, you run a command line
> thingy
> or something?
>
>
> my results in my email headers were this...
>
> X-Stewy-Dido-Internet-MailScanner: Found to be clean
> X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam,
> SpamAssassin (score=0.174, required 4, BAYES_50 0.00,
> HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03)
> X-MailScanner-From: harsccsxgqashleigh at infofin.com
>
> Thanks for your help..
>
> Rob Morin
> Dido Internet Inc.
> Montreal, Canada
> 514-990-4444
> http://www.dido.ca
>
> ----- Original Message -----
> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Monday, November 07, 2005 10:00 AM
> Subject: Re: I can not seem to stop these emails...
>
>
> > Rob
> >
> > Results for 1...
> >
> > Content analysis details: (6.1 points, 5.0 required)
> >
> > pts rule name description
> > ---- ----------------------
> > --------------------------------------------------
> > 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel
> letters
> > 0.0 HTML_MESSAGE BODY: HTML included in message
> > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
> > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase
> > 0.9 FM_NO_STYLE FM_NO_STYLE
> >
> >
> > And 2..
> >
> > Content analysis details: (7.7 points, 5.0 required)
> >
> > pts rule name description
> > ---- ----------------------
> > --------------------------------------------------
> > 0.0 HTML_MESSAGE BODY: HTML included in message
> > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
> > 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
> > [Blocked - see
> > <http://www.spamcop.net/bl.shtml?85.160.10.61>]
> > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase
> > 0.9 FM_NO_STYLE FM_NO_STYLE
> >
> >
> > Would have triggered my spamrules, but not my high spam..
> >
> >
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >> -----Original Message-----
> >> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> >> Behalf Of Rob
> >> Sent: 07 November 2005 14:47
> >> To: MAILSCANNER at JISCMAIL.AC.UK
> >> Subject: Re: [MAILSCANNER] I can not seem to stop these emails...
> >>
> >> Right i have that, although it seems to be over a year old.... . These
> >> emails are kind of new with respect to how they are made... the word
> >> Viagra is not in the email at all so i guess that rule will not work,
> >> although Viagra does show in the email when its viewed...
> >>
> >> you can see 2 examples of the emails here...
> >>
> >> http://www.dido.ca/spam/drug.txt
> >>
> >> Thanks...
> >>
> >>
> >>
> >> Rob Morin
> >> Dido Internet Inc.
> >> Montreal, Canada
> >> 514-990-4444
> >> http://www.dido.ca
> >>
> >>
> >> ----- Original Message -----
> >> From: Aaron K. Moore <mailto:amoore at DEKALBMEMORIAL.COM>
> >> To: MAILSCANNER at JISCMAIL.AC.UK
> >> Sent: Monday, November 07, 2005 9:01 AM
> >> Subject: Re: I can not seem to stop these emails...
> >>
> >> I'm running Matt Kettler's anti-drug rule set which is available
> >> from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using
> >> Rules Du Jour.
> >> It seems to catch most of them for me.
> >>
> >> --
> >> Aaron Kent Moore
> >> Information Technology Services
> >> DeKalb Memorial Hospital, Inc.
> >> Auburn, IN
> >> E-mail: amoore at dekalbmemorial.com
> >> <mailto:amoore at dekalbmemorial.com>
> >>
> >>
> >>
> >> ________________________________
> >>
> >> From: MailScanner mailing list
> >> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rob
> >> Sent: Monday, November 07, 2005 8:46 AM
> >> To: MAILSCANNER at JISCMAIL.AC.UK
> >> Subject: [MAILSCANNER] I can not seem to stop these
> > emails...
> >>
> >>
> >> ...
> >>
> >> These darn Viagra emails..
> >>
> >> They always come through as no spam... i get about 20 a day
> >> and so do my clients.... what do you guys do about this if the rules do
> >> not catch it....
> >>
> >> Thanks..
> >>
> >>
> >>
> >> Return-Path: <fif at danknapp.com>
> >> X-Original-To: rob at thehostmasters.com
> >> Delivered-To: rob at thehostmasters.com
> >> Received: from danknapp.com (ip-85-160-10-61.eurotel.cz
> >> [85.160.10.61])
> >> by stewy (Postfix) with SMTP id 6DF82BF4E
> >> for <rob at thehostmasters.com>; Sun, 6 Nov 2005 17:55:33
> > -0500
> >> (EST)
> >> Message-ID: <000401c5e325$59370400$89faa8c0 at oatcake>
> >> From: "Tzviya Fife" <fif at danknapp.com>
> >> To: "Enola Kimbrough" <rob at thehostmasters.com>
> >> Subject: Re: Marcuss cool info
> >> Date: Sun, 6 Nov 2005 17:56:40 -0500
> >> MIME-Version: 1.0
> >> Content-Type: multipart/alternative;
> >> boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00"
> >> X-Priority: 3
> >> X-MSMail-Priority: Normal
> >> X-Mailer: Microsoft Outlook Express 6.00.2800.1106
> >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> >> X-Stewy-Dido-Internet-MailScanner: Found to be clean
> >> X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam,
> >> SpamAssassin (score=0.174, required 4, BAYES_50 0.00,
> >> HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03)
> >> X-MailScanner-From: fif at danknapp.com
> >>
> >> This is a multi-part message in MIME format.
> >>
> >> ------=_NextPart_000_0001_01C5E2FB.7060FC00
> >> Content-Type: text/plain;
> >> charset="us-ascii"
> >> Content-Transfer-Encoding: quoted-printable
> >>
> >> V C A X P V
> >> A I m a r I
> >> L A b n o A
> >> I L i a z G
> >> U I e x a R
> >> M S n c A
> >> $85,45 $99,95 $69,95
> >> http://lemenartedahluleta.tripod.com
> >>
> >>
> >>
> >>
> >> Rob...
> >> http://www.stupidguytalk.org
> >>
> >>
> >> ------------------------ MailScanner list
> > --------------------
> >> ----
> >> To unsubscribe, email jiscmail at jiscmail.ac.uk with the
> > words:
> >> 'leave mailscanner' in the body of the email.
> >> Before posting, read the Wiki
> > (http://wiki.mailscanner.info/)
> >> and the archives
> >> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >> Support MailScanner development - buy the book off the
> >> website!
> >>
> >>
> >>
> >> ------------------------ MailScanner list ------------------------
> >> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >> 'leave mailscanner' in the body of the email.
> >> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >> Support MailScanner development - buy the book off the website!
> >>
> >>
> >>
> >> ------------------------ MailScanner list ------------------------
> >> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >> 'leave mailscanner' in the body of the email.
> >> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >> Support MailScanner development - buy the book off the website!
> >
> >
> >
> > **********************************************************************
> >
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager.
> >
> > This footnote confirms that this email message has been swept
> > for the presence of computer viruses and is believed to be clean.
> >
> > **********************************************************************
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list