> -----Original Message----- > From: Thomas Booms [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 06, 2005 2:59 PM > To: users@spamassassin.apache.org > Subject: How can I correctly detect these spams? > > Hi all, > > I have set all BAYES tests to default values and put in the > $GLOBAL all SORBS test in my users database.
You need URIBL lookups. See www.surbl.org and www.uribl.com for information. Do you have network tests turned off? I ask because SURBL should be included by default in 3.0.4 and they did hit your examples on my server, but not on yours. Trying to catch these based simply on the content of the message without any blacklist lookups is trying to hit a moving target. Rules cannot be updated fast enough to catch new varieties and by the time the rules are updated, spammers have changed their techniques. You need network tests enabled if you want to be more accurate with these. > > But since the last hours I got these following listed spams through > without tagging as spam: > > >From - Wed Jul 6 23:41:18 2005 > X-UIDL: 1120671712.M917383P13835051595651377415.host1 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Return-Path: <[EMAIL PROTECTED]> > Delivered-To: [EMAIL PROTECTED] > Received: (qmail 26882 invoked by uid 567); 6 Jul 2005 17:41:42 -0000 > Received: from 24.107.169.54 by host1 (envelope-from > <[EMAIL PROTECTED]>, uid 502) with qmail-scanner-1.25 > (clamdscan: 0.86.1/970. spamassassin: 3.0.4. > Clear:RC:0(24.107.169.54):SA:1(4.9/1.5):. > Processed in 0.396896 secs); 06 Jul 2005 17:41:42 -0000 > Received: from unknown (HELO jfmp.com) (24.107.169.54) > by 0 with SMTP; 6 Jul 2005 17:41:42 -0000 > From: "Mustafa Norman" <[EMAIL PROTECTED]> > To: "Socorro Mcclain" <[EMAIL PROTECTED]> > Subject: Like a Teeenager > Date: Wed, 6 Jul 2005 12:31:22 -0500 > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----=_NextPart_000_001D_01C58250.86C55100" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Unsent: 1 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > X-Qmail-Scanner-Message-ID: <[EMAIL PROTECTED]> > X-Spam-Level: * > X-Spam-Status: No, score=1.4 required=1.5 tests=BAYES_50,HTML_80_90, > HTML_FONT_BIG,HTML_MESSAGE,MIME_QP_LONG_LINE,PRIORITY_NO_NAME > autolearn=no version=3.0.4 > X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on > host1.booms-edv.de > > This is a multi-part message in MIME format. > > ------=_NextPart_000_001D_01C58250.86C55100 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > Hello, > of three hundred and twenty buccaneers who had left Cartagena > withhis = > life.Frenchmen, and the Santiago, which had been refitted and = > rechristenedvehemently, obscenely - for he could be fluently obscene = > when movedCertain it is that they did not sight Blood's fleet > in that = > dim lightWhen Blood, torn as he was between conflicting > considerations, = > stillsparkle in her hazel eyes.Mr. Blood.always the same; > that on the = > journeys to the shore they sat andconfusion in his mind, he found = > coherent thought impossible.to Colonel Bishop - a disdainful > buyer - for = > the ignominious sum ofadvice, sir, you'll not hunt me again. > I think I = > am unlucky to you.If there is any alternative that you can > suggest, I = > shall be mostBlood was startled.baulked his brutal owner.Aye, and he = > said so in terms which told me something that I hope > > ------=_NextPart_000_001D_01C58250.86C55100 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META http-equiv=3DContent-Type content=3D"text/html; > charset=3Dus-ascii"> > <META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR> > <STYLE></STYLE> > </HEAD> > <BODY bgColor=3D#ffffff> > <DIV><FONT face=3DArial></FONT> </DIV> > > <DIV><FONT face=3DArial>Hello, </FONT><FONT > face=3DArial>Welcome to <A > href=3D"http://www.prpgcb.militopnig.com";>PharmzOnli<SPAN > style=3D"DISPLAY: = > none"> Cinderella </SPAN>ne S<SPAN style=3D"DISPLAY: none"> > cheesecake = > </SPAN>hop</A></FONT> > <FONT face=3DArial>- one of the Ieadin<SPAN style=3D"DISPLAY: none"> = > deflexion </SPAN>g onIine pharmaceut<SPAN style=3D"DISPLAY: none"> = > repaid </SPAN>icaI shops</FONT></DIV> > > <DIV><FONT face=3DArial></FONT> </DIV> > <DIV> > <TABLE cellSpacing=3D0 cellPadding=3D0 border=3D0> > <TR vAlign=3Dbottom> > <TD rowSpan=3D2><FONT face=3DArial size=3D4>V<SPAN > style=3D"DISPLAY: = > none"> versification </SPAN>l</FONT></TD> > <TD></TD> > <TD rowSpan=3D2><FONT face=3DArial size=3D4>G<SPAN > style=3D"DISPLAY: = > none"> scissor </SPAN>R</FONT></TD> > <TD></TD> > <TD rowSpan=3D2><FONT face=3DArial size=3D4><SPAN > style=3D"DISPLAY: = > none"> horseflesh </SPAN>L</FONT></TD> > <TD></TD> > <TD rowSpan=3D2><FONT face=3DArial size=3D4>l<SPAN > style=3D"DISPLAY: = > none"> scrubby </SPAN>U</FONT></TD> > <TD></TD></TR> > <TR vAlign=3Dbottom> > <TD><FONT face=3DArial size=3D4><SPAN style=3D"DISPLAY: > none"> profit = > > </SPAN>A</FONT></TD> > <TD><FONT face=3DArial size=3D4><SPAN style=3D"DISPLAY: none"> = > unpractical </SPAN>A C<SPAN style=3D"DISPLAY: none"> claqueur = > </SPAN>lA</FONT></TD> > <TD><FONT face=3DArial size=3D4>I<SPAN style=3D"DISPLAY: none"> = > officialize </SPAN>S VA<SPAN style=3D"DISPLAY: none"> bacteria = > > </SPAN>L</FONT></TD> > <TD><FONT face=3DArial size=3D4><SPAN style=3D"DISPLAY: > none"> dorter = > </SPAN>M</FONT></TD> > <TD><FONT face=3DArial > > size=3D4> and many other.</FONT></TD></TR></TAB > LE></DIV> > > <DIV><FONT face=3DArial></FONT> </DIV> > <DIV><FONT face=3DArial>Tot<SPAN style=3D"DISPLAY: none"> claretcup = > </SPAN>al confidentiaIity,</FONT></DIV> > <DIV><FONT face=3DArial>Ov<SPAN style=3D"DISPLAY: none"> astraddle = > </SPAN>er 5 milIion customers,</FONT></DIV> > > <DIV><FONT face=3DArial>Worldwide SHl<SPAN style=3D"DISPLAY: none"> = > adroitness </SPAN>PPlNG,</FONT></DIV> > <DIV><FONT face=3DArial>Save over 60%<SPAN style=3D"DISPLAY: > none"> reeded = > </SPAN>!</FONT></DIV> > <DIV><FONT face=3DArial></FONT> </DIV> > > <DIV><FONT face=3DArial>Have a <SPAN style=3D"DISPLAY: none"> > papulous = > </SPAN>nice day!</FONT></DIV></DIV></BODY></HTML> > > ------=_NextPart_000_001D_01C58250.86C55100-- > > Next Message added by me: > > >From - Wed Jul 6 14:46:13 2005 > X-UIDL: 1120650272.M542624P13835051664370836674.host1 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Return-Path: <[EMAIL PROTECTED]> > Delivered-To: [EMAIL PROTECTED] > Received: (qmail 9392 invoked by uid 567); 6 Jul 2005 11:44:22 -0000 > Received: from 60.176.207.251 by host1 (envelope-from > <[EMAIL PROTECTED]>, uid 502) with qmail-scanner-1.25 > (clamdscan: 0.86.1/969. spamassassin: 3.0.4. > Clear:RC:0(60.176.207.251):SA:0(1.2/1.5):. > Processed in 2.994207 secs); 06 Jul 2005 11:44:22 -0000 > Received: from unknown (HELO isoc-mu.org) (60.176.207.251) > by 0 with SMTP; 6 Jul 2005 11:44:19 -0000 > Message-ID: <[EMAIL PROTECTED]> > Date: Wed, 06 Jul 2005 15:37:02 -0300 > From: "gil tysor" <[EMAIL PROTECTED]> > User-Agent: Applixware 3.1 > MIME-Version: 1.0 > To: "Silas Paz" <[EMAIL PROTECTED]>, > <@booms-edv.de>, > <[EMAIL PROTECTED]>, > <[EMAIL PROTECTED]>, > <@booms-edv.de>, > <[EMAIL PROTECTED]>, > <[EMAIL PROTECTED]> > Subject: I hope you can use this. opium > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: 7bit > X-Spam-Level: > X-Spam-Status: No, score=-1.3 required=1.5 tests=BAYES_00, > DATE_IN_FUTURE_06_12 autolearn=no version=3.0.4 > X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on > host1.booms-edv.de > > Have the best in handbag luxury, watches, sterling jewelry > and shop at our > site today! Thank you. > > http://gb.timestipulatecool.com/li/ > > Addidas, Bally, Bvlgari, Burberry, Cartier, Chanel, Christian Dior, > Dunhill, Dupont, Escada, Fendi, Ferragamo, Gucci, Hermes, > IWC, Jacob & Co., > Louis Vuitton, Mont Blanc, Movado, Nike, Omega, Oris, Prada, > Puma, Rado, > Roger Dubuis, Rolex, Sector, Tag Heuer, TechnoMarine, > Tiffany, Timberland, > Tudor > > > > We shared a blanket in the coldTo give a promise made of gold > etateca bouhamzy dfba HZ02 freawine bashtarz > Girl from Ipanema, she goes to Greenland > > -- Again, next Message added by me -- > > >From - Wed Jul 6 23:41:19 2005 > X-UIDL: 1120679539.M513901P13835051595651351011.host1 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Return-Path: <[EMAIL PROTECTED]> > Delivered-To: [EMAIL PROTECTED] > Received: (qmail 468 invoked by uid 567); 6 Jul 2005 19:52:08 -0000 > Received: from 219.131.54.85 by host1 (envelope-from > <[EMAIL PROTECTED]>, uid 502) with qmail-scanner-1.25 > (clamdscan: 0.86.1/970. spamassassin: 3.0.4. > Clear:RC:0(219.131.54.85):SA:0(0.0/1.5):. > Processed in 1.320807 secs); 06 Jul 2005 19:52:08 -0000 > Received: from unknown (HELO amerikanska.com) (219.131.54.85) > by 0 with SMTP; 6 Jul 2005 19:52:07 -0000 > Message-ID: <[EMAIL PROTECTED]> > Date: Wed, 06 Jul 2005 20:26:01 -0100 > Reply-To: "claudio viltz" <[EMAIL PROTECTED]> > From: "claudio viltz" <[EMAIL PROTECTED]> > User-Agent: Pegasus Mail for Win32 (v3.12a) > X-Accept-Language: en-us > MIME-Version: 1.0 > To: "Johnny Gonsalves" <[EMAIL PROTECTED]> > Cc: <@booms-edv.de>, > <[EMAIL PROTECTED]>, > <[EMAIL PROTECTED]> > Subject: Stay with the coolest offferings on quick medicaments. > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: 7bit > X-Spam-Level: > X-Spam-Status: No, score=-2.6 required=1.5 tests=BAYES_00 > autolearn=ham > version=3.0.4 > X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on > host1.booms-edv.de > > Uncover the entrance that leads to wonderful generic > medicaments and quality > curatives. > We supply all top ones on Sedative, Analgesics, ErectileDysfunctions, > blues, SeverePhobia, sleeping disor.der, OverWt. and others. > We carry expeditious and proficient carriage works. You gain total > convenience. > We operate in this innovative business model. our > chernistshop vvorks as a > middleman between medical suppliers and individual cust0mers. > Cust0mers can > pur-chase at these outstanding prices. > View our showspace if you prefer quicker and skillful > casebrief review. > > > > http://mp.exxm.treasureyourdevelopment.com/31p/ > > > > spread my fragrance, and on it I will let my leaves fall when the > > Having disrobed, she went into the bedroom; but her face had > none of the > animation which, during her stay at Moscow, had fairly > spurted from her eyes > and her smile; on the contrary, now the fire seemed extinct in her, or > hidden somewhere far away. > > when they are placed in circumstances requiring fortitude and > > > --- END of the spams --- > > Some working emails from customers i have removed. So you see > a "<@booms-edv.de". Nothing else is edited. > > Thanks for your help in advance, > > Thomas > > -- > Booms EDV > - hosting & more - > Herrenstrasse 10 > D-59073 Hamm > > www.booms-edv.de > [EMAIL PROTECTED] > >
