> SUBJECT 40 CONTAINS =?ISO-8859-1?b? I'm seeing quite a few of these coming in, but they are getting held.
I'm including a sample from my log, which is set to HIGH so that others can see what tests have been useful for me. An interesting point that came out of my following this thread is that I found that when the ISO string appears anywhere in the subject EXCEPT for the beginning, it's a SURE indicator that the message is spam. A really long (and imperfect) way to test for that is to add: SUBJECT 999 CONTAINS a=?ISO-8859-1?b? SUBJECT 999 CONTAINS b=?ISO-8859-1?b? SUBJECT 999 CONTAINS c=?ISO-8859-1?b? 999 CONTAINS 3=?ISO-8859-1?b? Anyone have a more concise way to test for that? Andrew 8)
09/11/2003 00:13:04 Q2074182b01428a33 Triggered CONTAINS filter on kr [weight->10; KR ]. 09/11/2003 00:13:04 Q2074182b01428a33 Triggered CONTAINS filter on free bottle [weight->2; free bottle with your purchase]. 09/11/2003 00:13:04 Q2074182b01428a33 Triggered CONTAINS filter on 3+ inches [weight->2; 3+ Inches!<br>100% Satísfactio]. 09/11/2003 00:13:04 Q2074182b01428a33 Triggered CONTAINS filter on Lengthen And Enlarge [weight->4; Lengthen and Enlarge your Pení]. 09/11/2003 00:13:04 Q2074182b01428a33 Triggered CONTAINS filter on VP-RX [weight->1; VP-RX Pills<br></b></font> 09/11/2003 00:13:04 Q2074182b01428a33 Triggered CONTAINS filter on No embarrassing doctor or pharmacy visits [weight->3; No embarrassing doctor or phar]. 09/11/2003 00:13:04 Q2074182b01428a33 Triggered CONTAINS filter on >Remove me< [weight->5; />Remove me</a><br>-=hqoGD]. 09/11/2003 00:13:04 Q2074182b01428a33 Triggered CONTAINS filter on .biz/ [weight->1; .biz/mka/m2c.php?man=st4vp">Pr]. 09/11/2003 00:13:05 Q2074182b01428a33 DSBL:6 BASE64:10 SPAMCOP:10 REVDNS:4 IPNOTINMX:2 NOLEGITCONTENT:2 COUNTRY:10 SNIFFER:7 FIVETENSRC:5 EASYNET-DNSBL:7 EASYNET-PROXIES:5 SORBS-HTTP:7 SORBS-SOCKS:7 PSBL:5 CBL:5 BENTALLIPBL:7 BENTALLSPAMHINT:33 BENTALLSPAMURL:6 . Total weight = 138 09/11/2003 00:13:05 Q2074182b01428a33 Using [outgoing] CFG file global.cfg. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed DSBL (http://dsbl.org/listing?ip=211.109.109.68). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed BASE64 (A binary encoded text or HTML section was found in this E-mail.). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?211.109.109.68). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 211.109.109.68 with no reverse DNS entry.). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed WEIGHT20 (Weight of 163 reaches or exceeds the limit of 20.). Action=HOLD. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed IPNOTINMX (). Action=LOG. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed NOLEGITCONTENT (No content unique to legitimate E-mail detected.). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed COUNTRY (Message failed COUNTRY test (41)). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed SNIFFER (Message failed SNIFFER: 63.). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed FIVETENSRC (68.109.109.211.blackholes.five-ten-sg.com.). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed EASYNET-DNSBL (Blacklisted by easynet.nl DNSBL - http://blackholes.easynet.nl/errors.html). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed EASYNET-PROXIES (Open Proxy - http://proxies.blackholes.easynet.nl/errors.html). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed SORBS-HTTP (Open Server [socks/35762] See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=211.109.109.68). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed SORBS-SOCKS (Open Server [http/35763] See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=211.109.109.68). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed PSBL (Your mailserver spammed me, see http://psbl.surriel.com/cgi-bin/listing.cgi?ip=211.109.109.68). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed CBL (Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=211.109.109.68). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed BENTALLIPBL ( matched 211.104.0.0/13). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed BENTALLSPAMHINT (Message failed BENTALLSPAMHINT test (901)). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Msg failed BENTALLSPAMURL (Message failed BENTALLSPAMURL test (412)). Action=WARN. 09/11/2003 00:13:05 Q2074182b01428a33 Subject: First Ti=?ISO-8859-1?B?bWU=?= 09/11/2003 00:13:05 Q2074182b01428a33 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 211.109.109.68 ID: h8B78ZwD003879 09/11/2003 00:13:05 Q2074182b01428a33 Last action = HOLD.