Re: Attachments still?

2007-08-01 Thread Matt Kettler
Robert Fitzpatrick wrote:
> Still getting these attachments with SA-3.1.7 + SARE + sa-update +
> amavisd + clamav with sanesecurity sigs. Should I be blocking these with
> those rule sets? Can someone test this to see how you may be blocking?
>
> http://esmtp.webtent.net/mail1.txt
>
> Thanks :)
   
3.2.0 seems to do a nice job here.

All of these tests are in a vanilla 3.2.0 with sa-update on my test system.

X-Spam-Status: Yes, score=6.6 required=5.0 tests=DKIM_POLICY_SIGNSOME,
FH_HELO_EQ_D_D_D_D,RCVD_ILLEGAL_IP,TVD_SPACE_RATIO autolearn=no
version=3.2.0


 0.5 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d
 0.0 DKIM_POLICY_SIGNSOME   Domain Keys Identified Mail: policy says domain
                            signs some mails
 3.2 RCVD_ILLEGAL_IP        Received: contains illegal IP address
 2.9 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO



Attachments still?

2007-07-31 Thread Robert Fitzpatrick
Still getting these attachments with SA-3.1.7 + SARE + sa-update +
amavisd + clamav with sanesecurity sigs. Should I be blocking these with
those rule sets? Can someone test this to see how you may be blocking?

http://esmtp.webtent.net/mail1.txt

Thanks :)
-- 
Robert



Re: Attachments still?

2007-07-31 Thread Jari Fredriksson
Robert Fitzpatrick wrote:
> Still getting these attachments with SA-3.1.7 + SARE + sa-update +
> amavisd + clamav with sanesecurity sigs. Should I be blocking these
> with those rule sets? Can someone test this to see how you may be
> blocking?
>
> http://esmtp.webtent.net/mail1.txt
>
> Thanks :)


Content analysis details:   (12.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d
 0.0 BOTNET_CLIENTWORDS     Hostname contains client-like substrings
                            [botnet_clientwords,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com]
 5.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.7,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,maildomain=benmenasha.net,client,ipinhostname,clientwords]
 0.0 DKIM_POLICY_SIGNSOME   Domain Keys Identified Mail: policy says domain
                            signs some mails
 0.0 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
                            [botnet_ipinhosntame,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com]
 0.0 BOTNET_CLIENT          Relay has a client-like hostname
                            [botnet_client,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,ipinhostname,clientwords]
 1.9 RCVD_ILLEGAL_IP        Received: contains illegal IP address
 3.0 BAYES_95               BODY: Bayesian spam probability is 95 to 99%
                            [score: 0.9899]
 2.2 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
 0.1 BOUNCE_MESSAGE         MTA bounce message
 0.1 ANY_BOUNCE_MESSAGE     Message is some kind of bounce message
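
The BOTNET_IPINHOSTNAME and BOTNET_CLIENTWORDS hits in the report above are reverse-DNS heuristics on the relay's hostname. The sketch below is an example added to this archive page, not part of any poster's message and not the Botnet plugin's code; the function names, the word list, and the crude "last two labels are the domain" cut are assumptions made for illustration.

```python
import re

# Constructed word list for this example; the Botnet plugin's own list is
# configurable and is not reproduced here.
CLIENT_WORDS = {"static", "dynamic", "dhcp", "dsl", "cable", "dial", "ppp",
                "pool", "client", "host"}

def ip_in_hostname(ip, rdns):
    """True if rdns embeds the IPv4 address in a common textual encoding."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) < 256 for p in parts):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ip)
    nums = [int(p) for p in parts]
    patterns = []
    for order in (nums, nums[::-1]):          # forward and in-addr.arpa order
        # Decimal octets split by one non-digit: 66-18-53-26, 26.53.18.66
        patterns.append(r"(?<!\d)" + r"[^0-9]".join("0*%d" % n for n in order) + r"(?!\d)")
        # Zero-padded and run together: 066018053026
        patterns.append(r"(?<!\d)" + "".join("%03d" % n for n in order) + r"(?!\d)")
    # Hex octets run together: 4212351a
    patterns.append(r"(?<![0-9a-f])" + "".join("%02x" % n for n in nums) + r"(?![0-9a-f])")
    host = rdns.lower()
    return any(re.search(p, host) for p in patterns)

def client_words(rdns):
    """Client-like tokens found left of the last two labels (crude domain cut)."""
    labels = rdns.lower().rstrip(".").split(".")
    host_labels = labels[:-2] if len(labels) > 2 else labels[:1]
    tokens = {t for label in host_labels for t in re.split(r"[^a-z]+", label) if t}
    return sorted(tokens & CLIENT_WORDS)

def rdns_flags(ip, rdns):
    """Names of the heuristics (this example's own labels) that fire."""
    flags = []
    if ip_in_hostname(ip, rdns):
        flags.append("ipinhostname")
    if client_words(rdns):
        flags.append("clientwords")
    return flags

if __name__ == "__main__":
    # IP and rDNS taken from the report above; the second pair is constructed.
    print(rdns_flags("66.18.53.26", "static-host-66-18-53-26.epbinternet.com"))
    print(rdns_flags("192.0.2.10", "mail.example.org"))
```

The lookarounds keep a neighbouring address such as 166.18.53.26 from matching 66.18.53.26, which matters when the result feeds a scoring rule.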




Re[2]: Attachments still?

2007-07-31 Thread Rob McEwen
If you don't mind my shameless plug, even though that IP 
doesn't show up on any of the blacklists reported by either 
dnsstuff.com or robtex.com ...I've had it listed on my ivmSIP.com
 Sender's IP dnsbl since Sunday, July 15, 2007 12:25 PM.
 
And there are many more like this! (Still taking testers, if anyone 
is interested!)
 
Rob McEwen
PowerView Systems
(478) 475-9032
[EMAIL PROTECTED]


-----Original Message-----
From: Jari Fredriksson [EMAIL PROTECTED] 
To: [EMAIL PROTECTED], SpamAssassin users@spamassassin.apache.org 
Date: 07/31/07 21:28 
Subject: Re: Attachments still? 

Robert Fitzpatrick wrote:
> Still getting these attachments with SA-3.1.7 + SARE + sa-update +
> amavisd + clamav with sanesecurity sigs. Should I be blocking these
> with those rule sets? Can someone test this to see how you may be
> blocking?
>
> http://esmtp.webtent.net/mail1.txt
>
> Thanks :)


Content analysis details: (12.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d
 0.0 BOTNET_CLIENTWORDS     Hostname contains client-like substrings
                            [botnet_clientwords,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com]
 5.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.7,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,maildomain=benmenasha.net,client,ipinhostname,clientwords]
 0.0 DKIM_POLICY_SIGNSOME   Domain Keys Identified Mail: policy says domain
                            signs some mails
 0.0 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
                            [botnet_ipinhosntame,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com]
 0.0 BOTNET_CLIENT          Relay has a client-like hostname
                            [botnet_client,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,ipinhostname,clientwords]
 1.9 RCVD_ILLEGAL_IP        Received: contains illegal IP address
 3.0 BAYES_95               BODY: Bayesian spam probability is 95 to 99%
                            [score: 0.9899]
 2.2 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
 0.1 BOUNCE_MESSAGE         MTA bounce message
 0.1 ANY_BOUNCE_MESSAGE     Message is some kind of bounce message