Robert Schetterer wrote:

arni wrote:
Raymond Myren wrote:
Hello,

Just today I started receiving spam mails with attached .pdf files
with a spam image.
Any ideas how to stop this spam type?

\raymond
As I said several times on this mailing list now, I've never had any of
these mails get through. Here is how the current ones score:

X-Spam-Status: Yes, score=16.6 required=5.0 tests=BAYES_99,BOTNET,
    BOTNET_NORDNS,DCC_CHECK,DKIM_POLICY_SIGNSOME,HTML_MESSAGE,LOGINHASH1,
    LOGINHASH2,MIME_HTML_MOSTLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RDNS_NONE
    autolearn=no version=3.2.0
X-Spam-Report:     *  5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
    *      [score: 1.0000]
    *  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
    *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    *      [Blocked - see <http://www.spamcop.net/bl.shtml?85.138.88.254>]
    *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
    *      [85.138.88.254 listed in zen.spamhaus.org]
    *  3.0 BOTNET Relay might be a spambot or virusbot
    *      [botnet0.7,ip=85.138.88.254,nordns]
    *  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
    *       signs some mails
    *  0.0 BOTNET_NORDNS Relay's IP address has no PTR record
    *      [botnet_nordns,ip=85.138.88.254]
    *  0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  1.5 LOGINHASH2 BODY: mail has been classified as spam @ unknown company,
    *       Germany
    *  1.5 LOGINHASH1 BODY: mail has been classified as spam @ LogIn&Solutions
    *      AG, Germany
    *  2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)

arni

You are in luck:
you are a "late receiver" of that spam, so it was detected
by others before (look at your headers),
but it wasn't detected by, i.e., a plain pdf_spam rule/solution
(like fuzzy_ocr etc.).
This is what I am looking for.

His success didn't depend upon that luck. Even without the LOGINHASH* and DCC_CHECK, or even BAYES, he still had a high enough score to flag it as spam.
