We don't use Botnet anymore; it fires on anything/everything and drives me nuts.

Content analysis details:   (7.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.5 FH_RELAY_NODNS         We could not determine your Reverse DNS
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
-0.0 SPF_PASS               SPF: sender matches SPF record
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [88.155.128.48 listed in dnsbl.sorbs.net]
 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [88.155.128.48 listed in zen.spamhaus.org]

Evan Platt wrote:
At 01:53 PM 4/9/2007, Robert Fitzpatrick wrote:
Can anyone run any of these messages to see how your rules score them?
Mostly stock symbol spam. I've been improving our scoring with updates
today, but still not able to come up with any rules to cover these:

http://esmtp.webtent.net/mail1.txt

 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.0 BOTNET                 Relay might be a spambot or virusbot
[botnet0.7,ip=88.155.128.48,hostname=bzq-88-155-128-48.red.bezeqint.net,maildomain=natuurfoto.com,client,ipinhostname]
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [88.155.128.48 listed in dnsbl.sorbs.net]
 3.1 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [88.155.128.48 listed in sbl-xbl.spamhaus.org]


http://esmtp.webtent.net/mail2.txt

X-Spam-Status: No, score=2.7 required=5.0 tests=HTML_IMAGE_ONLY_16,
HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_BOUND_NEXTPART,SARE_SPEC_LEO_LINE03e,
        SHORT_HELO_AND_INLINE_IMAGE autolearn=no version=3.1.8

http://esmtp.webtent.net/mail3.txt


 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.0 BOTNET                 Relay might be a spambot or virusbot
[botnet0.7,ip=84.2.4.148,hostname=dsl54020494.pool.t-online.hu,maildomain=saarcom.de,client,ipinhostname,clientwords]


http://esmtp.webtent.net/mail4.txt


X-Spam-Status: No, score=0.2 required=5.0 tests=RCVD_ILLEGAL_IP autolearn=no
        version=3.1.8

That's my system...
