Re: Spam slipped

2007-06-22 Thread jonathan 




Suhas Ingale wrote:

  Any custom rules to catch this?
  

body    JE_STOCK_ticker6  
/\bC[\s\-\_\'\.]?H[\s\-\_\'\.]?F[\s\-\_\
'\.]?R\b|\bO[\s\-\_\'\.]?J[\s\-\_\'\.]?U[\s\-\_\'\.]?F\b|\bC[\s\-\_\'\.]?D[\s\-\
_\'\.]?P[\s\-\_\'\.]?N\b|\bD[\s\-\_\'\.]?S[\s\-\_\'\.]?D[\s\-\_\'\.]?I\b|\bM[\s\
-\_\'\.]?N[\s\-\_\'\.]?A[\s\-\_\'\.]?B\b|\bP[\s\-\_\'\.]?S[\s\-\_\'\.]?U[\s\-\_\
'\.]?D\b|\bG[\s\-\_\'\.]?P[\s\-\_\'\.]?S[\s\-\_\'\.]?I\b|\bO[\s\-\_\'\.]?N[\s\-\
_\'\.]?C[\s\-\_\'\.]?O\b|\bS[\s\-\_\'\.]?G[\s\-\_\'\.]?X[\s\-\_\'\.]?I\b|\bC[\s\
-\_\'\.]?A[\s\-\_\'\.]?O[\s\-\_\'\.]?N\b|\bS[\s\-\_\'\.]?R[\s\-\_\'\.]?E[\s\-\_\
'\.]?A\b/
describe    JE_STOCK_ticker6   more ticker symbols 2007/06/22
score   JE_STOCK_ticker6   3

body    JE_STOCK_stockco3  /Kronos Media AG|Score One Inc\./
describe    JE_STOCK_stockco3  stock company name 2007/06/22
score   JE_STOCK_stockco3  2

  
-Original Message-----
From: arni [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, June 21, 2007 8:38 PM
To: SM
Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: Re: Spam slipped

SM schrieb:
  
  
At 06:37 21-06-2007, arni wrote:


  If you forward inline you:
* May have the message marked as spam
* Mis learn other peoples bayes
* May get beaten by AWL's next time you send smth
  

That won't happen if you whitelist this mailing list.

Regards,
-sm

  
  did i mention that spam without headers is useless?

Re: Spam slipped

2007-06-21 Thread arni 

Suhas Ingale schrieb:

Any custom rules to catch this?

  

without headers i cant tell but i had the same spam, so here is my report:

*  4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP 
addr
*   2)
*  0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
*  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in 
bl.spamcop.net
*  [Blocked - see ]
*  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*  [86.124.176.33 listed in zen.spamhaus.org]
*  0.0 BOTNET_BADDNS Relay doesn't have full circle DNS
*  
[botnet_baddns,ip=86.124.176.33,rdns=86-124-176-033.iasi.fiberlink.ro]
*  5.0 BOTNET Relay might be a spambot or virusbot
*  
[botnet0.7,ip=86.124.176.33,hostname=86-124-176-033.iasi.fiberlink.ro,baddns,client,ipinhostname]
*  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says 
domain
*   signs some mails
*  0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
*  
[botnet_ipinhosntame,ip=86.124.176.33,rdns=86-124-176-033.iasi.fiberlink.ro]
*  0.0 BOTNET_CLIENT Relay has a client-like hostname
*  
[botnet_client,ip=86.124.176.33,hostname=86-124-176-033.iasi.fiberlink.ro,ipinhostname]
*  0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
*  [score: 0.5000]
*  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
*  dynamic-looking rDNS

arni

RE: Spam slipped

2007-06-21 Thread Suhas Ingale 
Any custom rules to catch this?

-Original Message-
From: arni [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 21, 2007 8:38 PM
To: SM
Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: Re: Spam slipped

SM schrieb:
> At 06:37 21-06-2007, arni wrote:
>> If you forward inline you:
>> * May have the message marked as spam
>> * Mis learn other peoples bayes
>> * May get beaten by AWL's next time you send smth
>
> That won't happen if you whitelist this mailing list.
>
> Regards,
> -sm
did i mention that spam without headers is useless?

Re: Spam slipped

2007-06-21 Thread arni 

SM schrieb:

At 06:37 21-06-2007, arni wrote:

If you forward inline you:
* May have the message marked as spam
* Mis learn other peoples bayes
* May get beaten by AWL's next time you send smth


That won't happen if you whitelist this mailing list.

Regards,
-sm

did i mention that spam without headers is useless?

Re: Spam slipped

2007-06-21 Thread SM 

At 06:37 21-06-2007, arni wrote:

If you forward inline you:
* May have the message marked as spam
* Mis learn other peoples bayes
* May get beaten by AWL's next time you send smth


That won't happen if you whitelist this mailing list.

Regards,
-sm

Re: Spam slipped

2007-06-21 Thread SM 

At 03:45 21-06-2007, Suhas Ingale wrote:

Wht score do others get on this?


BAYES_95 and in-house rule to identify questionable hosts.

Regards,
-sm

Re: Spam slipped

2007-06-21 Thread arni 

Suhas Ingale schrieb:

Wht score do others get on this?
 
  

Can you please please forward spam only as an attachment, thanks.

If you forward inline you:
* May have the message marked as spam
* Mis learn other peoples bayes
* May get beaten by AWL's next time you send smth

arni