Robert Fitzpatrick wrote: > Still getting these attachments with SA-3.1.7 + SARE + sa-update + > amavisd + clamav with sanesecurity sigs. Should I be blocking these > with those rule sets? Can someone test this to see how you may be > blocking? > > http://esmtp.webtent.net/mail1.txt > > Thanks :)
Content analysis details: (12.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d 0.0 BOTNET_CLIENTWORDS Hostname contains client-like substrings [botnet_clientwords,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com] 5.0 BOTNET Relay might be a spambot or virusbot [botnet0.7,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,maildomain=benmenasha.net,client,ipinhostname,clientwords] 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain signs some mails 0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address [botnet_ipinhosntame,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com] 0.0 BOTNET_CLIENT Relay has a client-like hostname [botnet_client,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,ipinhostname,clientwords] 1.9 RCVD_ILLEGAL_IP Received: contains illegal IP address 3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99% [score: 0.9899] 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO 0.1 BOUNCE_MESSAGE MTA bounce message 0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce message