As you can see, BombRaw is seeing the expression, but at what point does
RedRe?
Here's what I get:
----------------------------------------------------------------------
* BombRaw RE: 'Musical card'
* Bomb Data RE: 'Musical card'
* Valid Format of HELO: 'adsl-074-229-235-075.sip.bna.bellsouth.net'
* Invalid Format of HELO: 'adsl-074-229-235-075.sip.bna.bellsouth.net'
* 74.229.235.75 is in RBLCache: inserted at 07-08-13/14:08 by
bl.spamcop.net
* 74.229.235 has a Griplist value of 0.831246: (adds 0.831246 0.831246)
Bayesian Analysis:
Bad Words Bad Prob Good Words Good Prob
hlo adsl 1.0000
partner has 0.9988
140 href 0.9979
hlo 235 0.9979
greeting card 0.9975
href 140 0.9961
hlo 229 0.9956
want by 0.9924
your custom 0.9923
Recipient Email 0.0126
rcpt Recipient Email 0.0139
hlo 075 0.9804
internet address 0.9736
visiting us 0.9695
address box 0.9651
card simply 0.9635
free greeting 0.9600
whenever you 0.9512
and hosted 0.9451
program doesn't 0.9451
your mail 0.0593
feature you 0.9322
Totals: 1.0000 0.9988 0.9979 0.9979 0.9979 0.9975 0.9975 0.9961 0.9961
0.9956 0.9924 0.9924 0.9923 0.0126 0.0139 0.9804 0.9736 0.9695 0.9695
0.9651 0.9635 0.9600 0.9600 0.9512 0.9512 0.9451 0.9451 0.9451 0.0593
0.9322 0.9279
Spam Probability:
probability: 1.0000
helo: hlo adsl - hlo 074 - hlo 229 - hlo 235 - hlo 075 . hlo sip . hlo
bna . hlo
bellsouth . hlo net
rcpt [EMAIL PROTECTED] rcpt [EMAIL PROTECTED]
rcpt
[EMAIL PROTECTED]
ssub Musical ssub card ssub
Partner() has created Musical card for you
at marlo.com.
To see your custom Musical card, simply click on the following
Internet address (if your mail program doesn't support this feature
you will need to COPY and PASTE the address into your browser's address
box):
href 209 . href 164 . href 241 . href 140 /? href
a1bebe91d0c859db0b985c5f7201c3ef820
Send a FREE greeting card from marlo.com whenever you want by visiting
us at:
href marlo . href com /
This service is provided and hosted by marlo.com.
href 209 . href 164 . href 241 . href 140 /? href
a1bebe91d0c859db0b985c5f7201c3ef820
Send a FREE greeting card from marlo.com whenever you want by visiting
us at:
href marlo . href com /
This service is provided and hosted by marlo.com.
------------------------------------------------------------------------
Below is the text from the email:
************************************************************************
Microsoft Mail Internet Headers Version 2.0
Received: from MailServer ([10.0.0.1]) by MailServer2 with Microsoft
SMTPSVC(5.0.2195.6713);
Mon, 13 Aug 2007 14:08:44 -0400
Received: from ASSP [10.0.50.150] by Mailserver - SurfControl; Mon, 13
Aug 2007 14:08:45 -0400
Received: from adsl-074-229-235-075.sip.bna.bellsouth.net
([74.229.235.75]
helo=adsl-074-229-235-075.sip.bna.bellsouth.net) by ASSP.nospam;
13 Aug 2007 14:08:44 -0400
Received: from jyd.kzl ([29.70.209.204]) by
adsl-074-229-235-075.sip.bna.bellsouth.net with Microsoft
SMTPSVC(5.0.2195.5329); Mon, 13 Aug 2007 13:08:46 -0500
Message-ID: <[EMAIL PROTECTED]>
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Musical card
Date: Mon, 13 Aug 2007 13:08:46 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="windows-1250";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1158
X-Assp-Delay: delayed for 10m 6s; 13 Aug 2007 14:08:45 -0400
X-Assp-Score: 100 (DNSBL-failed)
X-Assp-Received-DNSBL: fail (bl.spamcop.net->127.0.0.2;
zen.spamhaus.org->127.0.0.4; )
X-Assp-Tag: DNSBL
X-Assp-Envelope-From: [EMAIL PROTECTED]
X-Assp-Version: 1.3.3.2()
X-Assp-Spam: YES
X-Assp-ID: id-8524c4011
X-Assp-Spam-Reason: Failed DNSBL: bl.spamcop.net zen.spamhaus.org
X-Assp-Totalscore: 100
X-Assp-Intended-For: [EMAIL PROTECTED]
X-SEF-Processed: 5_5_0_210__2007_08_13_14_08_46
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 13 Aug 2007 18:08:44.0840 (UTC)
FILETIME=[FCDB8A80:01C7DDD4]
From: [EMAIL PROTECTED]
Sent: Monday, August 13, 2007 2:09 PM
To: Recipient
Subject: Musical card
Partner() has created Musical card for you at marlo.com.
To see your custom Musical card, simply click on the following Internet
address (if your mail program doesn't support this feature you will need
to COPY and PASTE the address into your browser's address box):
http://209.164.241.140/?a1bebe91d0c859db0b985c5f7201c3ef820
Send a FREE greeting card from marlo.com whenever you want by visiting
us at:
http://marlo.com/
This service is provided and hosted by marlo.com.
************************************************************************
From the maillog.txt:
-------------------------------------------------------
Aug-13-07 14:08:45 id-8524c4011 74.229.235.75 <[EMAIL PROTECTED]>
accepting triplet:
(74.229.235.0,[EMAIL PROTECTED],[EMAIL PROTECTED]) waited:
10m 6s
Aug-13-07 14:08:45 Commencing DNSBL checks on 74.229.235.75
Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75
<[EMAIL PROTECTED]> to: [EMAIL PROTECTED] deleting spamming
whitelisted tuplet: (74.229.235.0,dells.com) age: 0s
Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75
<[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Message-Score:
0+100 (DNSBL-failed)
Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75
<[EMAIL PROTECTED]> to: [EMAIL PROTECTED] DNSBL
Received-DNSBL: fail (bl.spamcop.net->127.0.0.2;
zen.spamhaus.org->127.0.0.4; )
Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75
<[EMAIL PROTECTED]> to: [EMAIL PROTECTED] failed DNSBL:
bl.spamcop.net zen.spamhaus.org Musical_card_ -> c:\assp/spam/4011.eml
-------------------------------------------------------
It is being blocked by a Failed DNSBL. That's fine, but how can I get
it to stop storing?
Thanks!
Brett
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Traylor
Sent: Monday, August 13, 2007 3:09 PM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user] BOMBRE and REDRE not doing anything for me
Hill, Brett wrote:
> I'm using Fritz's pre-populated bombre.txt and redre.txt. They're
> configured to be used in ASSP. For the life of me, they don't work.
>
> I look in the log and I almost never see Bomb Regex entries. I never
> see Red Regex entries. I've added all of these Regular Expressions,
> but ASSP never uses them. My spam corpus continues to collect this
> greeting card junk.
>
> What am I doing wrong? Any help would be most appreciated.
Pick one that you think should be triggering bombre and redre and view
the source with your email client. Copy and paste that text into the
Mail Analyzer and see what the results are. Also, save that email
source text to a text file, after obscuring your users' addresses and
servers' IPs if you want, and post the analyzer results and the text
file here for further comment. We will see exactly what your ASSP
thinks of the email.
Doug
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
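
An added example, not part of the thread: a small Python triage script for a maillog.txt excerpt like the one posted above. It rejoins entries that were wrapped in transit and reports, per message id, which check tagged the message, the score that check added, and the file the message was stored to. The entry layout is assumed from the lines quoted in the thread, and the addresses are constructed placeholders.

```python
import re

# Constructed sample modelled on the maillog.txt excerpt in the thread
# (placeholder addresses; line wrapping kept as a list archive shows it).
SAMPLE = r"""Aug-13-07 14:08:45 id-8524c4011 74.229.235.75 <sender@example.invalid>
accepting triplet:
(74.229.235.0,sender@example.invalid,rcpt@example.invalid) waited:
10m 6s
Aug-13-07 14:08:45 Commencing DNSBL checks on 74.229.235.75
Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75
<sender@example.invalid> to: rcpt@example.invalid Message-Score:
0+100 (DNSBL-failed)
Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75
<sender@example.invalid> to: rcpt@example.invalid failed DNSBL:
bl.spamcop.net zen.spamhaus.org Musical_card_ -> c:\assp/spam/4011.eml
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
ENTRY = re.compile(r"^\S+ \S+ (?:\[(?P<tag>[^\]]+)\] )?(?P<id>id-\w+) (?P<ip>\S+) (?P<rest>.*)$")
SCORE = re.compile(r"Message-Score: (\d+)\+(\d+) \(([^)]+)\)")
STORED = re.compile(r"-> (\S+)$")

def unwrap(text):
    """Rejoin wrapped entries: a new entry always starts with a timestamp."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Per message id: tagging checks, score added, reason, stored file."""
    out = {}
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue  # entries without a message id, e.g. "Commencing DNSBL checks"
        rec = out.setdefault(m["id"], {"ip": m["ip"], "tags": [], "added": 0,
                                       "reason": None, "stored": None})
        if m["tag"] and m["tag"] not in rec["tags"]:
            rec["tags"].append(m["tag"])
        if (s := SCORE.search(m["rest"])):
            rec["added"], rec["reason"] = int(s[2]), s[3]
        if (p := STORED.search(m["rest"])):
            rec["stored"] = p[1]
    return out
```

Calling `triage(SAMPLE)` returns one record for `id-8524c4011`, with `DNSBL` as the only tagging check and the stored path taken from the final log entry.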