lots of spam getting through all of a sudden

Daniel Maher daniel.maher at ubisoft.com
Mon Jul 24 15:19:00 IST 2006


Regarding that stock email, this is how it's been tagged via my setup:
pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 1.7 SARE_MLB_Stock1        BODY: SARE_MLB_Stock1
 0.7 SARE_RMML_Stock4       BODY: SARE_RMML_Stock4
 1.0 SARE_LWHUGE            BODY: SARE_LWHUGE
 1.7 SARE_MLB_Stock6        BODY: Obfuscated ticker symbols
 0.5 FIN_FREE               BODY: Freedom of a financial nature
 0.8 SARE_RMML_Stock7       BODY: SARE_RMML_Stock7
 1.7 SARE_LWSYMFMT          BODY: SARE_LWSYMFMT
 1.3 INFO_TLD               URI: Contains an URL in the INFO top-level domain
 0.2 HTML_TAG_BALANCE_BODY  BODY: HTML has unbalanced "body" tags
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]
 3.8 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: florexx.com]
 4.1 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: florexx.com]
 2.1 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: florexx.com]
 3.0 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: florexx.com]
 4.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: florexx.com]

SpamAss 3.1.3, MailScanner 4.51.6, and SARE Stocks ruleset...

--
  _
 °v°  Daniel Maher
/(_)\ Administrateur Système Unix
 ^ ^  Unix System Administrator
 
Sentio aliquos togatos contra me conspirare.
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Craig Retief
Sent: Monday, July 24, 2006 9:52 AM
To: 'MailScanner discussion'
Subject: RE: lots of spam getting through all of a sudden

I am using the Sare Stocks rule that comes with RulesDuJour and it doesn't
get flagged.

SpamAssassin 3.1.3
MailScanner 4.54.6
Sendmail 8.13.7
DCC, Pyzor and Razor are latest builds as well

RulesDuJour updates nightly

The rules that trigger for the mentioned mail are as follows:

0.00	BAYES_50	Bayesian spam probability is 40 to 60%
1.96	DATE_IN_FUTURE_03_06	Date: is 3 to 6 hours after Received: date
1.09	EXTRA_MPART_TYPE	Header has extraneous Content-type:...type=
entry
4.10	HELO_DYNAMIC_HCC	Relay HELO'd using suspicious hostname (HCC)
1.05	HTML_IMAGE_ONLY_32	HTML: images with 2800-3200 bytes of words
0.00	HTML_MESSAGE	HTML included in message
0.75	SARE_GIF_ATTACH	Email has a inline gif

Thanks again,

Craig



More information about the MailScanner mailing list