Accidentally hit send before putting the analysis report:

Subject: important alert
Connecting IP: 192.168.1.15
Connecting HELO: TTUQLQDL

Feature Matching:
NoProcessing: '[email protected]'
whiteRe: 'highest match: "'welcome (-5)'" with valence: -5 - PB value = -5'
    matching whiteRe(file:files/whitere.txt): '\bwelcome\b'
Red RE: '[email protected]'
    matching redRe(file:files/redre.txt): 'spammeis...@frederickcountymd\.gov'
Spamlover RE: 'Frederick County Government'
    matching SpamLoversRe(file:files/spamloverre.txt): '\bFrederick\s?County (Government|Office)'
bombDataRe: 'highest match: "'http://www212.americanexpress.co (30)'" with valence: 30 - PB value = 30'
    matching bombDataRe(file:files/bombdatare.txt): '(http\:\/\/|@)[^/\s]*\.RU(\s(\r|$)|\/|\:\d{1,5}\/|\.\s\s?\w|\.?\r)'
bombSubjectRe: 'highest match: "'important (6)'" with valence: 6 - PB value = 6'
    matching bombSubjectRe(file:files/subjectre.txt): '\bimportant'
bombSuspiciousRe: 'highest match: "'no-reply (-3)'" with valence: -3 - PB value = -3'
    matching bombSuspiciousRe(file:files/suspiciousre.txt): 'no-?reply'
bombSenderRe: 'highest match: "'savings (9)'" with valence: 9 - PB value = 9'
    matching bombSenderRe(file:files/bombsenderre.txt): 'savings'
Invalid Format of HELO: 'highest match: "'ttuqlqdl (20)'" with valence: 20 - PB value = 20'
    matching invalidFormatHeloRe(file:files/invalidhelo.txt[line 2]): '^[^\.]+\.?$'
IP 192.168.1.15 is in ISP/Secondary MX Servers (192.168)
192.168.1.15 has a Griplist value of 0.5: (adds 0.5 0.5)

------ Forwarded Message
From: Spammeister <[email protected]>
Date: Wed, 02 Jun 2010 08:52:36 -0400
To: For Users of ASSP <[email protected]>
Conversation: Confused as to why mail got through as ok.
Subject: Confused as to why mail got through as ok.

Analysis of the email shows it scoring very poorly. However the assp headers in the stored email don't show anything except a low scoring white-re match. Any ideas where I might look?

Below are the headers and the meat of the analysis report

X-Assp-Score: -5 (whiteRe: 'welcome (-5)')
X-Assp-Delay: not delayed (whiteRe: 'welcome (-5)'); 2 Jun 2010 05:12:57 -0400
X-Assp-Whitelisted: Yes (whiteRe: 'welcome (-5)')
X-Assp-Envelope-From: [email protected]
X-Assp-Intended-For: [email protected]
X-Assp-Passing: whiteRe: 'welcome (-5)'
Received: from TTUQLQDL ([80.81.40.238] helo=TTUQLQDL) with IPv4:25 by mailgw2.frederickcountymd.gov; 2 Jun 2010 05:12:49 -0400
Message-ID: <000d01cb0233$c38bd560$6400a...@welcome>
From: "American Express" <[email protected]>
To: <[email protected]>
Subject: important alert
Date: Wed, 2 Jun 2010 12:12:45 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01CB0233.C38BD560"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

This is a multi-part message in MIME format.

------ End of Forwarded Message

_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
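An added triage example, not part of the original post and not ASSP code: it lines up the valences in the analysis report against what the stored X-Assp headers record, to make the gap the poster describes explicit. The sample strings are constructed from the lines quoted above; the function names and regular expressions are assumptions of this example.

```python
import re

# Constructed sample, shaped like the analysis report and stored headers in the post.
ANALYSIS = """\
whiteRe: 'highest match: "'welcome (-5)'" with valence: -5 - PB value = -5'
bombDataRe: 'highest match: "'http://www212.americanexpress.co (30)'" with valence: 30 - PB value = 30'
bombSubjectRe: 'highest match: "'important (6)'" with valence: 6 - PB value = 6'
bombSuspiciousRe: 'highest match: "'no-reply (-3)'" with valence: -3 - PB value = -3'
bombSenderRe: 'highest match: "'savings (9)'" with valence: 9 - PB value = 9'
Invalid Format of HELO: 'highest match: "'ttuqlqdl (20)'" with valence: 20 - PB value = 20'
"""
HEADERS = """\
X-Assp-Score: -5 (whiteRe: 'welcome (-5)')
X-Assp-Whitelisted: Yes (whiteRe: 'welcome (-5)')
X-Assp-Passing: whiteRe: 'welcome (-5)'
"""

# Rule name, then the valence the analysis report assigns to its highest match.
VALENCE = re.compile(r"^(?P<rule>[^:\n]+): 'highest match: .*? with valence: (?P<val>-?\d+)", re.M)
# Score lines actually written into the stored message, with the rule that produced them.
SCORE = re.compile(r"^X-Assp-Score: (?P<score>-?\d+) \((?P<rule>[^:\n]+):", re.M)
WHITELISTED = re.compile(r"^X-Assp-Whitelisted: Yes \((?P<rule>[^:\n]+):", re.M)

def analysis_valences(report):
    """Map each rule in the analysis report to its valence."""
    return {m["rule"].strip(): int(m["val"]) for m in VALENCE.finditer(report)}

def header_scores(headers):
    """Map each rule that appears in an X-Assp-Score header to its score."""
    return {m["rule"].strip(): int(m["score"]) for m in SCORE.finditer(headers)}

def triage(report, headers):
    """Summarise which analysed rules never appear in the stored headers."""
    analysed = analysis_valences(report)
    scored = header_scores(headers)
    wl = WHITELISTED.search(headers)
    return {
        "analysis_total": sum(analysed.values()),
        "header_total": sum(scored.values()),
        "unscored_rules": sorted(r for r in analysed if r not in scored),
        "whitelisted_by": wl["rule"].strip() if wl else None,
    }

if __name__ == "__main__":
    for key, value in triage(ANALYSIS, HEADERS).items():
        print(f"{key}: {value}")
```

When `whitelisted_by` is set and `unscored_rules` is non-empty, the pattern named in the whitelisting header (here the `\bwelcome\b` entry in files/whitere.txt) is the first thing to review.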
