At 01:53 PM 4/9/2007, Robert Fitzpatrick wrote:
Can anyone run any of these messages to see how your rules score them?
Mostly stock symbol spam. I've been improving our scoring with updates
today, but still not able to come up with any rules to cover these:
http://esmtp.webtent.net/mail1.txt
pts rule name description
---- ---------------------- --------------------------------------------------
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=88.155.128.48,hostname=bzq-88-155-128-48.red.bezeqint.net,maildomain=natuurfoto.com,client,ipinhostname]
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[88.155.128.48 listed in dnsbl.sorbs.net]
3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[88.155.128.48 listed in sbl-xbl.spamhaus.org]
http://esmtp.webtent.net/mail2.txt
X-Spam-Status: No, score=2.7 required=5.0 tests=HTML_IMAGE_ONLY_16,
HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_BOUND_NEXTPART,SARE_SPEC_LEO_LINE03e,
SHORT_HELO_AND_INLINE_IMAGE autolearn=no version=3.1.8
http://esmtp.webtent.net/mail3.txt
pts rule name description
---- ---------------------- --------------------------------------------------
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=84.2.4.148,hostname=dsl54020494.pool.t-online.hu,maildomain=saarcom.de,client,ipinhostname,clientwords]
http://esmtp.webtent.net/mail4.txt
X-Spam-Status: No, score=0.2 required=5.0 tests=RCVD_ILLEGAL_IP autolearn=no
version=3.1.8
That's my system...
