best way to combat porn email

Randal, Phil prandal at
Mon Apr 20 14:29:09 IST 2009

All these emails contain links to websites hosted on <random
name>.<letter>, so a high-scoring spamassassin uri rule can
easily catch these.

uri      MY_INTERIA     /^http:\/\/.{1,30}\.interia\.pl/i
describe MY_INTERIA     Suspicious links
score	   MY_INTERIA	5

They also all claim to be sent via Thunderbird ("User-Agent: Thunderbird (Windows/20090302)"), so you could create a meta rule cobining
both those factors.



Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal at

Any opinion expressed in this e-mail or any attached files are those of
the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely
for the use of the addressee. This communication may contain material
protected by law from being passed on. If you are not the intended
recipient and have received this e-mail in error, you are advised that
any use, dissemination, forwarding, printing or copying of this e-mail
is strictly prohibited. If you have received this e-mail in error please
contact the sender immediately and destroy all copies of it.

-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of Raymond
Sent: 20 April 2009 14:14
To: MailScanner discussion
Subject: Re: best way to combat porn email

Steve Freegard wrote:
> Raymond Norton wrote:
>> I also have the following in of postfix, so not sure why it 
>> got through in the first place:
>> smtpd_client_restrictions =
>>        reject_rbl_client,
> Change that to
>>        reject_rbl_client
> Remove this; it's been dead for months and is now pointing at dead 
> nameservers to time-out all queries.
I found that out yesterday, and made the change.

I am back on my main mailscanner this morning, and am seeing email like
the following come through. It seems bayes is fine. What can I add or
change to catch this type of garbage:  
    Italy      [  ]     [  ]     [  ]     [  ]
ID:    A435A136D54.B555F
Message Headers:    Received: from 
( [])
     by (Postfix) with SMTP id A435A136D54
     for <jmetcalf at>; Mon, 20 Apr 2009 08:09:40 -0500 (CDT)
Message-ID: <49EC739F.3391675 at>
Date: Mon, 20 Apr 2009 13:09:41 +0000
From: Divine <saner at>
User-Agent: Thunderbird (Windows/20090302)
MIME-Version: 1.0
To: jmetcalf at
Subject: Muultiple Orgasms - How to Give Her Multiple Miracles Every
Content-Type: multipart/alternative;
saner at    [Add to Whitelist | Add to Blacklist]
To:    jmetcalf at
Subject:    Muultiple Orgasms - How to Give Her Multiple Miracles Every
Size:    3.5Kb
Anti-Virus/Dangerous Content Protection
Virus:     N
Blocked File:     N
Other Infection:     N
Spam:     N   Action(s): deliver, header, "X-Spam-Status:, No"
High Scoring Spam:     N
SpamAssassin Spam:     N
Listed in RBL:     N
Spam Whitelisted:     N
Spam Blacklisted:     N
SpamAssassin Autolearn:     N
SpamAssassin Score:    2.32
Spam Report:   
    Score    Matching Rule    Descriptioncached    not     
3    required     
-0.18    BAYES_40    Bayesian spam probability is 20 to 40%
0.00    HTML_MESSAGE    HTML included in message
0.50    RAZOR2_CF_RANGE_51_100    Razor2 gives confidence level above
1.50    RAZOR2_CF_RANGE_E4_51_100    Razor2 gives engine 4 confidence 
level above 50%
0.50    RAZOR2_CHECK    Listed in Razor2 (

MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list