http://bugzilla.spamassassin.org/show_bug.cgi?id=2879
Summary: mPOP Web-Mail seems to be a spam tool
Product: Spamassassin
Version: 2.60
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
I'm getting bombarded with spam that looks like this:
Return-Path: <[EMAIL PROTECTED]>
Received: from 200-206-137-150.dsl.telesp.net.br (200-206-137-
150.dsl.telesp.net.br [200.206.137.150])
by mailbox.mbcloans.com (8.11.6/8.11.6) with SMTP id hBUDD1705925
for <[EMAIL PROTECTED]>; Tue, 30 Dec 2003 03:13:02 -1000
Received: from [200.206.137.150] by 2004hosting.netIP with HTTP;
Tue, 30 Dec 2003 18:54:50 +0600
From: "Acevedo Jackie" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: GYVT, citizens!' the woman
Mime-Version: 1.0
X-Mailer: mPOP Web-Mail 2.19
X-Originating-IP: [2004hosting.netIP]
Date: Tue, 30 Dec 2003 09:45:50 -0300
Reply-To: "Acevedo" <[EMAIL PROTECTED]>
Content-Type: multipart/alternative;
boundary="--ALT--YACJ51749844748844"
Message-Id: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
mailbox.mbcloans.com
X-Spam-Status: No, hits=5.0 required=5.0 tests=CHINA_HEADER,HTML_20_30,
HTML_IMAGE_ONLY_06,HTML_MESSAGE autolearn=no version=2.60
X-Spam-Level: ****
Status:
----ALT--YACJ51749844748844
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
frog dementia earring courtney mccauley lucas
mathematic raceway calumet insure summit deaconess distaff fled dense
snigger elsie casey agrimony timeshare during crystallite
----ALT--YACJ51749844748844
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 8bit
<HTML><HEAD>
<BODY>
<p>Fr</burlington>ee Ca</scops>bleTV!N</henri>o mo</pessimal>re p</anionic>ay!%
RND_SYB</p>
<a href="http://www.2004hosting.net/cable/";>
<img border="0" src="http://www.2004hosting.net/fiter3.jpg";></a>
bounce blatant depart aloft blinn firewood tomatoes inquisitive frescoes zounds
puny gimpy pliancy comatose hopeful councilwoman <BR>
coconut friedman christine chester headland buckthorn dauphin diameter adrian
sneak wedge dysprosium astrophysicist colossi bladdernut laxative panoply
hindmost <BR>
</BODY>
</HTML>
----ALT--YACJ51749844748844--
Firstly, I note that it didn't get flagged as spam because it scored 5.0 (it
must be greater than 5.0 not equal to be flagged as spam).
Anyway, I'd like a better way to catch this spam. It uses random servers,
random IPs, random, reply-tos... The common feature, though is that it has one
of these in it:
2004hosting.netIP
e-hostzz.netIP
530000x.comIP
and always comes from:
X-Mailer: mPOP Web-Mail 2.19
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
![http://www.2004hosting.net/fiter3.jpg"](http://www.2004hosting.net/fiter3.jpg"){kind=link}