new spam getting through

Steve Freegard steve.freegard at fsl.com
Mon Dec 6 19:54:53 GMT 2010


On 06/12/10 18:56, Peter Ong wrote:
> Hey Guys,
>
> In my sandbox, I upgraded spamassassin... and tested one of the messages I received for which I'm doing this:
>
> SpamAssassin version 3.3.1
>    running on Perl version 5.8.8
>
>
> Content analysis details:   (4.1 points, 5.0 required)
>
>   pts rule name              description
> ---- ---------------------- --------------------------------------------------
>   1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>                              [URIs: x.co]
>   0.0 FREEMAIL_FROM          Sender email is freemail
>                              (interceptor1980[at]hotmail.co.uk)
> -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, low
>                              trust
>                              [65.55.90.38 listed in list.dnswl.org]
>   1.6 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
>                              digit (interceptor1980[at]hotmail.co.uk)
>   0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
>   0.0 HTML_MESSAGE           BODY: HTML included in message
>   0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
>                              [score: 0.5000]
>
> Should I be seeing the
> HAS_SHORT_URL rule triggered in the output above?
> p

You'll need to add x(dot)co to the list of url_shorteners as it isn't 
present in the downloadable version.

Also - if you're trying to debug it:

spamassassin -D -t < msg 2>&1 | grep DecodeShortURLs

Is the command to use here.

Regards,
Steve.


More information about the MailScanner mailing list