New Spam?

Raymond Dijkxhoorn raymond at prolocation.net
Tue Sep 11 09:28:29 IST 2007


Hi!

>>>> http://files.rheelweb.co.nz/spam.txt
>>>> http://files.rheelweb.co.nz/spam.eml
>>>> 
>>>> Cheers

>>>  pts rule name              description
>>> ---- ---------------------- 
>>> --------------------------------------------------
>>>  2.6 HTML_OBFUSCATE_10_20   BODY: Message is 10% to 20% HTML obfuscation
>>>  0.0 HTML_MESSAGE           BODY: HTML included in message
>>>  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>>>                             [score: 0.5000]
>>>  1.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
>>>  1.7 SARE_HTML_USL_OBFU     RAW: Message body has very strange HTML 
>>> sequence
>>>  3.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>>>                             [URIs: advertisingcs.com]
>>> 
>>> The original message was not completely plain text, and may be unsafe to
>>> open with some email clients; in particular, it may contain a virus,
>>> or confirm that your address can receive spam.  If you wish to view
>>> it, it may be safer to save it to a file and open it with an editor.

>> Curiously when this email came in, it didn't trigger the URIBL rule, yet 
>> when I invoke spamassassin from the command line (as the correct user etc) 
>> it does fire the URIBL rule.
>> I wonder why this is?

> Assume a MailScanner gremlin listed it.

It magicly ended up in SURBL also.

Bye,
Raymond.


More information about the MailScanner mailing list