[EMAIL PROTECTED] wrote:
Hi James
I'm going to admit to having a MAJOR blond moment here.....
I can't remember how to find which versions of which pieces you're
looking for here.
It's been one LOOOOOOOONG week (TGIF!!!)
Agreed :-D
We're using OpenProtect 5.0.1.9 which includes:
SpamAssassin 3.02 w/SURBL
MailScanner V4.37.7-1
RazorV2
Not sure about what OpenProtect is, bit of googleing made it seem like
it was a package thing (mail server + scanners.) I would upgrade to 3.04
as soon as you can (bugs etc in 3.02.)
Let me know if there's more versioning info I need to look up.
Here are sections from a couple of different e-mails that were let
through (internet headers only):
X-Inapac-InapacSpamCop: Found to be clean, not spam, SpamAssassin
(score=0.158, required 4,
autolearn=disabled, ALL_TRUSTED -2.82, HTML_60_70 0.03,
HTML_FONT_BIG 0.23, HTML_MESSAGE 0.00, MARKETING_PARTNERS 0.72,
URIBL_OB_SURBL 2.00)
X-InapacSpamCop-MCP:
X-InapacSpamCop-From: [EMAIL PROTECTED]
X-Inapac-InapacSpamCop-Information: Please contact your IT Staff for
more information
X-Inapac-InapacSpamCop: Found to be clean, not spam, SpamAssassin
(score=0.791, required 4,
autolearn=disabled, ALL_TRUSTED -2.82, DATE_IN_PAST_06_12 0.21,
EXCUSE_23 2.09, EXCUSE_3 0.10, FREE_SAMPLE 0.17, INFO_TLD 0.48,
MANY_EXCLAMATIONS 0.00, NO_OBLIGATION 0.56)
X-Inapac-InapacSpamCop: Found to be clean, not spam, SpamAssassin
(score=2.154, required 4,
autolearn=disabled, ALL_TRUSTED -2.82, HTML_90_100 0.19,
HTML_IMAGE_ONLY_16 1.28, HTML_MESSAGE 0.00, MPART_ALT_DIFF 1.50,
URIBL_OB_SURBL 2.00), ss
One thing that stuck out to me was ALL_TRUSTED which does give -2.82
score to the messages, it still would not have hit with those scores,
but would have been closer (except for the last one, which would have
hit) I see surbl is working, good. Do you use bayes? If not this may
help (I'm not sure how OpenProtect works exactly with SA, so YMMV.)
Thanks!
Scott
-----Original Message-----
From: james [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 20, 2005 10:51 AM
To: users
Subject: Re: Spam with graphic and hotspots, no text.........
[EMAIL PROTECTED] wrote:
Ok...I've been properly chastised. Forgive the resurgence of
newbie-ism on my part. :)
I've started getting complaints about e-mails that are are just a
graphic and a couple of hot spots, no text.
Does anyone know how to mark those as spam without whacking all of the
other html formatted e-mails?
Thanks for any input!
Scott
By hot spots I'm assuming you mean that there is an image map applied to
this image. The best way, that I see to get these, is to use RBL's &
URIBL's on it. Give some info about what version etc you are using. And
what, if any, scores are hitting on these emails. Also, the ones I get
here, they for the most part have bayes 'poison' (not really poison
because the words they use are almost never in normal speech here) so
bayes training also helps on these.
Image only spams are hard to be caught, and spammers know this. If you
are blitzed right from the start with a run that has:
A) New, unlisted zombies
B) New, unlisted URI's
C) New, spam that is not in razor2 (as you run that)
you are kinda stuck in this matter. If the spammers adds bayes 'poison'
then you can usually get a few more points of this (as it is usually
just a bunch of junk anyway.) Lately I've seen a lot of spam with a
single image with a map, and a few URL's. Normally they come in at the
weee hours of the morning, when no one is around. After I come in, the
parts that can be listed are listed, so not much recourse here. If your
users send a lot of images, you are also stuck in that you can't add a
lot of points for images only (as we can because our attachments are of
a different type, and I have their mail users white listed.) If you are
in the position to have the ability to white list (use the one that
allows you to use the received part of the message along with the
address, see the man pages for this) your customers. Only thing I can
see is also bumping the scores ever so slightly.
Sorry there isn't much more to do, spam sucks :-D
HTH
PS. please reply to the list.
--
Thanks,
James
