Martin.Hepworth writes: > Hmm > > I'm still running 3.1.8...... I think you need 3.2.x for the MIMEHeader plugin.
--j. > Content analysis details: (7.4 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 1.5 HOST_EQ_NL HOST_EQ_NL > 3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address > [botnet_ipinhosntame,ip=62.163.207.251,rdns=a207251.upc-a.chello.nl] > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0064] > 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > [Blocked - see <http://www.spamcop.net/bl.shtml?62.163.207.251>] > 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL > [62.163.207.251 listed in zen.spamhaus.org] > > I just bumped the BOTNET_IPINHOSTNAME score so I score above my 5 limit now.. > > Don't run RCVD_IN_SORBS_DUL as I found it FP heavy for my environment > > I expect to see mp's in my environment, so that's maybe why bayes was at the > opposite end of the score spectrum to you. > > No JM_STORM_MP3 though....maybe a 3.1.8/3.2.3 thing, it lint's clean. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: UxBoD [mailto:[EMAIL PROTECTED] > > Sent: 19 October 2007 09:14 > > To: Martin.Hepworth > > Cc: [EMAIL PROTECTED] > > Subject: Re: MP3 Spam > > > > Hmmm, hit okay here Martin :- > > > > X-Spam-Status: Yes, score=27.6 required=10.0 > > tests=BAYES_99,BOTNET,CRM114_CHECK, > > > > HELO_DYNAMIC_CHELLO_NL,JM_STORM_MP3,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_D > > UL, > > RCVD_IN_XBL,RDNS_DYNAMIC,TVD_SPACE_RATIO autolearn=unavailable > > version=3.2.3 > > > > Regards, > > > > --[ UxBoD ]-- > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > > // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] > > > > ----- Original Message ----- > > From: "Martin.Hepworth" <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Sent: Friday, October 19, 2007 9:11:38 AM (GMT) Europe/London > > Subject: RE: MP3 Spam > > > > > > > > http://www.solidstatelogic.com/mp3-spam.txt > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: UxBoD [mailto:[EMAIL PROTECTED] > > > Sent: 19 October 2007 09:01 > > > To: Martin.Hepworth > > > Cc: [EMAIL PROTECTED] > > > Subject: Re: MP3 Spam > > > > > > Can you post a copy online Martin ? need a few examples to find the > > common > > > elements. > > > > > > Regards, > > > > > > --[ UxBoD ]-- > > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > > > // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] > > > > > > ----- Original Message ----- > > > From: "Martin.Hepworth" <[EMAIL PROTECTED]> > > > To: [EMAIL PROTECTED] > > > Sent: Friday, October 19, 2007 9:00:39 AM (GMT) Europe/London > > > Subject: RE: MP3 Spam > > > > > > > > > Just tried this on an example we had overnight and it's didn't hit ;-( > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: UxBoD [mailto:[EMAIL PROTECTED] > > > > Sent: 19 October 2007 08:45 > > > > To: Justin Mason > > > > Cc: users@spamassassin.apache.org > > > > Subject: Re: MP3 Spam > > > > > > > > Thanks Justin. Do they all follow the same patterns ? > > > > > > > > Regards, > > > > > > > > --[ UxBoD ]-- > > > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg -- > > import" > > > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > > > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > > > > // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] > > > > > > > > ----- Original Message ----- > > > > From: "Justin Mason" <[EMAIL PROTECTED]> > > > > To: [EMAIL PROTECTED] > > > > Cc: users@spamassassin.apache.org > > > > Sent: Thursday, October 18, 2007 8:24:35 PM (GMT) Europe/London > > > > Subject: Re: MP3 Spam > > > > > > > > > > > > UxBoD writes: > > > > > Does anybody have one of these, or different one, that you could > > > upload > > > > somewhere so can do some analysis ? > > > > > > > > sure: http://taint.org/x/2007/mp3spam.txt > > > > anyway, these rules catch them as far as I can tell: > > > > > > > > ifplugin Mail::SpamAssassin::Plugin::MIMEHeader > > > > mimeheader __CTYPE_STORM_MP3_1 Content-Type:raw =~ /^audio\/mpeg;\n > > > > name=\"[a-z]+\.mp3\"$/s > > > > mimeheader __CDISP_STORM_MP3_1 Content-Disposition:raw =~ > > /^inline;\n > > > > filename=\"[a-z]+\.mp3\"$/s > > > > mimeheader __CTYPE_STORM_MP3_2 Content-Type:raw =~ > > > > /^audio\/mpeg;\n\tname=\"[a-z]+\.mp3\"$/s > > > > mimeheader __CDISP_STORM_MP3_2 Content-Disposition:raw =~ > > > > /^attachment;\n\tfilename=\"[a-z]+\.mp3\"$/s > > > > > > > > meta JM_STORM_MP3 ((__CTYPE_STORM_MP3_1&&__CDISP_STORM_MP3_1) > > || > > > > (__CTYPE_STORM_MP3_2&&__CDISP_STORM_MP3_2)) > > > > > > > > > > > > --j. > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > > > > > > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > > > > > > > > > > > > > > > ********************************************************************** > > > Confidentiality : This e-mail and any attachments are intended for the > > > addressee only and may be confidential. If they come to you in error > > > you must take no action based on them, nor must you copy or show them > > > to anyone. Please advise the sender by replying to this e-mail > > > immediately and then delete the original from your computer. > > > Opinion : Any opinions expressed in this e-mail are entirely those of > > > the author and unless specifically stated to the contrary, are not > > > necessarily those of the author's employer. > > > Security Warning : Internet e-mail is not necessarily a secure > > > communications medium and can be subject to data corruption. We advise > > > that you consider this fact when e-mailing us. > > > Viruses : We have taken steps to ensure that this e-mail and any > > > attachments are free from known viruses but in keeping with good > > > computing practice, you should ensure that they are virus free. > > > > > > Red Lion 49 Ltd T/A Solid State Logic > > > Registered as a limited company in England and Wales > > > (Company No:5362730) > > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > > United Kingdom > > > ********************************************************************** > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > **********************************************************************