On 02/03/2011 10:36 AM, Daniel Bromberg wrote:
> The following spam got past all my filters. They're constantly
> evolving :-(
>
> I can't find the IP in any RBLs. Some meta-RBLs claim it's listed, but
> when I follow up to the actual RBL, it's clean. I use zen.spamhaus &
> spamcop. SpamAssassin was helpless as seen below. Those who can block
> this, how did you do it? I hope whatever technique(s) also help block
> many more like it.
>
> (We have the quoting problem. This will probably go into the junk
> folder of all those who are doing filtering better than I :-( )
>
> Thanks,
> -Daniel
>
> Return-Path:<faceb...@elgarden.pl>
> Delivered-To: dan...@example.com
> Received: by smtp.EXAMPLE.com (Postfix, from userid 503)
> id 30AE66FC0B2; Thu, 3 Feb 2011 04:20:18 -0500 (EST)
> X-Spam-Checker-Version: SpamAssassin 3.3.1_01 (2010-03-31) on EXAMPLE.com
> X-Spam-Level: *
> X-Spam-Status: No, score=1.2 required=5.8 tests=BAYES_20,HTML_MESSAGE,
> MIME_HTML_MOSTLY,MIME_QP_LONG_LINE,MPART_ALT_DIFF,SPF_PASS
> autolearn=no
> version=3.3.1_01
> X-Greylist: delayed 00:08:22 by SQLgrey-1.8.0-rc2
> Received: from s44-mail.ogicom.net (s44-mail.ogicom.net [93.157.100.68])
> by smtp.EXAMPLE.com (Postfix) with ESMTP id 6727D6FC065
> for<dan...@example.com>; Thu, 3 Feb 2011 04:20:16 -0500 (EST)
> Received: from s44-mail (localhost [127.0.0.1])
> by s44-mail.ogicom.net (Postfix) with ESMTP id AC2699054
> for<dan...@example.com>; Thu, 3 Feb 2011 10:11:52 +0100 (CET)
> Received: from uzytkown-620180 (095160093006.siedlce.vectranet.pl
> [95.160.93.6])
> (Authenticated sender: faceb...@elgarden.pl)
> by s44-mail.ogicom.net (Postfix) with ESMTPA id 83248917F
> for<dan...@example.com>; Thu, 3 Feb 2011 10:11:52 +0100 (CET)
> Received: from rcjbmfk ([192.176.150.45])
> by dblfmn (8.13.4/8.13.4) with SMTP id r50120237277724d3Hh017194
> for<dan...@example.com>; Thu, 03 Feb 2011 10:11:52 +0100 (CDT)
> (envelope-from madisonlfhr...@skaharockclimbing.com)
> Message-ID:<026c01cbc382$65762f00$065da05f@rcjbmfk>
> From:
> "madisonlfhr...@skaharockclimbing.com"<madisonlfhr...@skaharockclimbing.com>
> To: "daniel"<dan...@example.com>
> Subject: Hey You! kita
> Date: Thu, 03 Feb 2011 13:10:01 +0400
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_0269_01CBC38A.C7150DA0"
> X-Mailer: Microsoft Office Outlook, Build 11.0.5510
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0269_01CBC38A.C7150DA0
> Content-Type: text/plain;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> uvqti
> ------=_NextPart_000_0269_01CBC38A.C7150DA0
> Content-Type: text/html;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=3DContent-Type content=3D"text/html;
> charset=3Dus-ascii">
> <META content=3D"MSHTML 6.00.6000.15867" name=3DGENERATOR>
>
> </HEAD>
> <BODY>
> hi there!!
> <br>
> long time no speak ... how have you been? I am FINALLY moving right
> near you this weekend!
> Heres my info babe -
>
> <br><br>heres my screen names below..<br>
>
> AIM - ardisbelva<br>
> MSN - cleverto...@hotmail.com<br>
> YAHOO - bestaHEW<br><br>
>
> I am waiting there now! PS - dont email me back my email keeps
> freezing, use messenger
>
> <font color=3D"white"> great purifier if we would cleanse the
> foulrights and duties of citizenship revwhile onehalf are still
> political slavesdesire the ballot this is by no means certain it
> canwas minister of public instruction in 1867
> life for mankind our two great nations are as guides whoto go in
> search of him it wasi went to him and told himface full of amazement
> and wonder that is theat great cost and gave it to the nation it
> seemed to young jolyon a special peepshow ofthe other side of the fire
> the one really easy chairthose that open to the waist and are</font>
>
> </BODY></HTML>
> ------=_NextPart_000_0269_01CBC38A.C7150DA0--
>
>
>
It probably evaded the spam filters because its not spam, but complete
gibberish :)
