lots of spam getting through all of a sudden
Denis Beauchemin
Denis.Beauchemin at USherbrooke.ca
Mon Jul 24 15:57:50 IST 2006
Phillip Udel wrote:
> Wow. Nice.
>
> I assume the SARE are your own entries?
> Who are the URIBL_BLACK URIBL_JP_SURBL Sites?
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Denis
> Beauchemin
> Sent: Monday, July 24, 2006 8:56 AM
> To: MailScanner discussion
> Subject: Re: lots of spam getting through all of a sudden
>
> Phillip Udel wrote:
>
>> I too received more than expected. I am still looking into it.
>> Here are some of the mails of interest
>>
>> *...*
>>
> Philip,
>
> They scored BIG here:
>
> X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste
> blanche),
> SpamAssassin (not cached, score=18.17, requis 5, BAYES_50 0.00,
> FIN_FREE 0.47, FORGED_RCVD_HELO 0.14, HTML_MESSAGE 0.00,
> HTML_TAG_BALANCE_BODY 0.23, INFO_TLD 1.27, SARE_LWHUGE 1.00,
> SARE_LWSYMFMT 1.66, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66,
> SARE_OBFU_PART_ORT 1.67, SARE_RMML_Stock4 0.67,
> SARE_RMML_Stock7 0.75, URIBL_BLACK 3.00, URIBL_JP_SURBL 4.00)
>
>
> Denis
>
>
Philip,

I use the following rulesets (/etc/mail/spamassassin):

70_sare_adult.cf             70_sare_html1.cf     70_sare_uri0.cf                german.cf
70_sare_bayes_poison_nxm.cf  70_sare_obfu0.cf     70_sare_uri1.cf                local.cf
70_sare_evilnum0.cf          70_sare_obfu1.cf     70_sare_whitelist_rcvd.cf      mailscanner.cf
70_sare_evilnum1.cf          70_sare_oem.cf       70_sare_whitelist_spf.cf       mr_wiggly.cf
70_sare_genlsubj0.cf         70_sare_random.cf    72_sare_bml_post25x.cf         nazi.cf
70_sare_genlsubj1.cf         70_sare_specific.cf  72_sare_redirect_post3.0.0.cf  spamcop_uri.cf
70_sare_header0.cf           70_sare_spoof.cf     99_sare_fraud_post25x.cf       uribl.cf
70_sare_header1.cf           70_sare_stocks.cf    backhair.cf
70_sare_html0.cf             70_sare_unsub.cf     bogus-virus-warnings.cf

$ cat uribl.cf
urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
tflags URIBL_BLACK net
score URIBL_BLACK 3.0
urirhssub URIBL_GREY multi.uribl.com. A 4
body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
describe URIBL_GREY Contains an URL listed in the URIBL greylist
tflags URIBL_GREY net
score URIBL_GREY 0.25
$ egrep -v "^(#.*|$)" spamcop_uri.cf
urirhssub URIBL_WS_SURBL multi.surbl.org. A 4
header URIBL_WS_SURBL eval:check_uridnsbl('URIBL_WS_SURBL')
describe URIBL_WS_SURBL Contains a URL listed in the WS SURBL blocklist
tflags URIBL_WS_SURBL net
urirhssub URIBL_PH_SURBL multi.surbl.org. A 8
header URIBL_PH_SURBL eval:check_uridnsbl('URIBL_PH_SURBL')
describe URIBL_PH_SURBL Contains a URL listed in the PH SURBL blocklist
tflags URIBL_PH_SURBL net
urirhssub URIBL_OB_SURBL multi.surbl.org. A 16
header URIBL_OB_SURBL eval:check_uridnsbl('URIBL_OB_SURBL')
describe URIBL_OB_SURBL Contains a URL listed in the OB SURBL blocklist
tflags URIBL_OB_SURBL net
urirhssub URIBL_AB_SURBL multi.surbl.org. A 32
header URIBL_AB_SURBL eval:check_uridnsbl('URIBL_AB_SURBL')
describe URIBL_AB_SURBL Contains a URL listed in the AB SURBL blocklist
tflags URIBL_AB_SURBL net
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
tflags URIBL_JP_SURBL net
score URIBL_SC_SURBL 0
score URIBL_WS_SURBL 3.0
score URIBL_PH_SURBL 5.0
score URIBL_OB_SURBL 4.0
score URIBL_AB_SURBL 3.0
score URIBL_JP_SURBL 4.0
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x2252 F: 819.821.8045
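
Added example, not part of the original post: how the numeric subtest on each `urirhssub` line above selects a list from a single combined A record, and how the two URI rules in the quoted header contribute 3.00 + 4.00. It assumes the number is a bitmask over the returned address, as SpamAssassin's `urirhssub` documentation describes; the domain `spam.example`, the 127.0.0.x answers and the loopback-range guard are constructed for illustration.

```python
import ipaddress

# Rule and score lines copied from the uribl.cf / spamcop_uri.cf shown in the post.
CONFIG = """
urirhssub URIBL_BLACK multi.uribl.com. A 2
urirhssub URIBL_GREY multi.uribl.com. A 4
urirhssub URIBL_WS_SURBL multi.surbl.org. A 4
urirhssub URIBL_PH_SURBL multi.surbl.org. A 8
urirhssub URIBL_OB_SURBL multi.surbl.org. A 16
urirhssub URIBL_AB_SURBL multi.surbl.org. A 32
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
score URIBL_BLACK 3.0
score URIBL_GREY 0.25
score URIBL_SC_SURBL 0
score URIBL_WS_SURBL 3.0
score URIBL_PH_SURBL 5.0
score URIBL_OB_SURBL 4.0
score URIBL_AB_SURBL 3.0
score URIBL_JP_SURBL 4.0
"""

def parse_config(text):
    """Return ({rule: (zone, mask)}, {rule: score}) from urirhssub/score lines."""
    rules, scores = {}, {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "urirhssub" and f[3] == "A" and f[4].isdigit():
            rules[f[1]] = (f[2].rstrip(".").lower(), int(f[4]))
        elif len(f) == 3 and f[0] == "score":
            scores[f[1]] = float(f[2])
    return rules, scores

def evaluate(domain, answers, rules, scores):
    """answers maps query name -> A record text; a missing name means not listed."""
    hits = {}
    for rule, (zone, mask) in rules.items():
        a = answers.get(f"{domain.rstrip('.').lower()}.{zone}")  # domain + zone
        if a is None:
            continue
        addr = ipaddress.IPv4Address(a)
        # Added guard (assumption): ignore answers outside 127/8, e.g. DNS wildcarding.
        if addr.is_loopback and int(addr) & mask:
            hits[rule] = scores.get(rule, 0.0)
    return hits

RULES, SCORES = parse_config(CONFIG)
# Constructed answers for a placeholder domain, not real lookup results.
SAMPLE = {"spam.example.multi.uribl.com": "127.0.0.2",
          "spam.example.multi.surbl.org": "127.0.0.64"}
```

Calling `evaluate("spam.example", SAMPLE, RULES, SCORES)` returns the URIBL_BLACK and URIBL_JP_SURBL hits with the scores from the post; an answer of 127.0.0.68 from multi.surbl.org would set both the WS and JP bits.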