lots of spam getting through all of a sudden

Ken A ka at pacific.net
Mon Jul 24 21:40:07 IST 2006


I added an additional meta rule to spam.assassin.prefs.conf since I was 
seeing the same thing last Friday. They seem to hit these two. The TVD 
rule is from sa-update, so you'll need to run 'sa-update -D' to get that 
one (it scores 2.80 by default too!).

meta            LOCAL_SPAM_07202006     (EXTRA_MPART_TYPE && TVD_FW_GRAPHIC_ID1)
describe        LOCAL_SPAM_07202006     spam bomb 07202006
score           LOCAL_SPAM_07202006     10

Ken A
Pacific.Net



Julian Field wrote:
> I keep getting this  GDKI.PK spam as well. I have all the SARE rules, 
> including SARE_STOCKS (from July 15th) but it gets
> 
> not spam, SpamAssassin (score=4.992, required 6, BAYES_40 -0.18, 
> DATE_IN_PAST_06_12 0.83, EXTRA_MPART_TYPE 1.09, HTML_IMAGE_ONLY_32 1.05, 
> HTML_MESSAGE 0.00, RCVD_IN_SORBS_WEB 1.46, SARE_GIF_ATTACH 0.75)
> 
> Any ideas if anything is wrong or I am missing something?
> 
> I have
> 
> TRUSTED_RULESETS="SARE_REDIRECT_POST300 EVILNUMBERS SARE_BAYES_POISON_NXM SARE_HTML0 SARE_HTML1 SARE_HEADER0 SARE_HEADER1 SARE_SPECIFIC SARE_ADULT SARE_BML SARE_FRAUD SARE_SPOOF SARE_RANDOM SARE_OEM SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_UNSUB SARE_URI SARE_HEADER SARE_CODING SARE_SPECIFIC TRIPWIRE SARE_OBFU0 SARE_STOCKS"
> 
> Any thoughts?
> 
> On Mon 24 Jul 06, at 18:47, Scott Silva wrote:
> 
>> Phillip Udel spake the following on 7/24/2006 8:28 AM:
>>> LOL.  OK.  I just found the SARE site.  LOL, can I assume that
>>> everyone here but me knows about this site :).  Does anyone here
>>> use the RulesDuJour script?
>>>
>>> Any Suggestions on what rules would be safe to start using first?
>> There is a tarball at Fortress Systems - www.fsl.com/support.html -
>> It is a good starting package, with a fixed bogus_virus_warnings that
>> won't misfire on MailScanner messages.
>> I would suggest starting there.
>>
>> -- 
>> MailScanner is like deodorant...
>> You hope everybody uses it, and
>> you notice quickly if they don't!!!!
>>
>> --MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
> 
> -- 
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store !
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> 
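An added example, not part of the original message or of SpamAssassin itself: it parses the MailScanner report line quoted in the thread, evaluates the boolean part of a meta expression against the rules that hit, and re-totals the score. It assumes that TVD_FW_GRAPHIC_ID1 would also hit that message at 2.80 once sa-update has been run; `parse_report`, `eval_meta` and `rescore` are hypothetical helper names.

```python
import re

REPORT = ("not spam, SpamAssassin (score=4.992, required 6, BAYES_40 -0.18, "
          "DATE_IN_PAST_06_12 0.83, EXTRA_MPART_TYPE 1.09, HTML_IMAGE_ONLY_32 1.05, "
          "HTML_MESSAGE 0.00, RCVD_IN_SORBS_WEB 1.46, SARE_GIF_ATTACH 0.75)")  # from the thread
META = "(EXTRA_MPART_TYPE && TVD_FW_GRAPHIC_ID1)"  # LOCAL_SPAM_07202006, score 10

def parse_report(report):
    """Return (score, required, {rule: score}) from a MailScanner SA report."""
    fields = [f.strip() for f in report[report.index("(") + 1:report.rindex(")")].split(",")]
    hits = {name: float(val) for name, val in (f.rsplit(None, 1) for f in fields[2:])}
    return float(fields[0].split("=")[1]), float(fields[1].split()[1]), hits

def eval_meta(expr, hits):
    """Evaluate the boolean subset of meta syntax: rule names, &&, ||, !, ()."""
    toks = re.findall(r"&&|\|\||[!()]|\w+", expr) + [None]  # None = end marker
    if "".join(toks[:-1]) != "".join(expr.split()):
        raise ValueError("unsupported meta expression: " + expr)
    def atom():
        tok = toks.pop(0)
        if tok == "!":
            return not atom()
        if tok == "(":
            val = level()
            if toks.pop(0) != ")":
                raise ValueError("missing ')'")
            return val
        if tok in (None, "&&", "||", ")"):
            raise ValueError("rule name expected")
        return tok in hits  # a rule is true when it appears in the hit list
    def level(ops=("||", "&&")):  # && binds tighter than ||
        if not ops:
            return atom()
        val = level(ops[1:])
        while toks[0] == ops[0]:
            toks.pop(0)
            rhs = level(ops[1:])
            val = (val or rhs) if ops[0] == "||" else (val and rhs)
        return val
    result = level()
    if toks != [None]:
        raise ValueError("trailing tokens")
    return result

def rescore(report, extra, meta=META, meta_score=10.0):
    """Re-total a report given assumed extra {rule: score} hits plus the meta rule."""
    score, required, hits = parse_report(report)
    fired = eval_meta(meta, {**hits, **extra})
    total = score + sum(extra.values()) + (meta_score if fired else 0.0)
    return round(total, 3), total >= required
```

Calling `rescore(REPORT, {})` leaves the quoted message under the threshold, while `rescore(REPORT, {"TVD_FW_GRAPHIC_ID1": 2.80})` fires the meta rule and pushes it well over.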

