No, MIMEHeader works fine with 3.1.x.... - Jeremy
"Justin Mason" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Martin.Hepworth writes: >> Hmm >> >> I'm still running 3.1.8...... > > I think you need 3.2.x for the MIMEHeader plugin. > > --j. > >> Content analysis details: (7.4 points, 5.0 required) >> >> pts rule name description >> ---- ---------------------- >> -------------------------------------------------- >> 1.5 HOST_EQ_NL HOST_EQ_NL >> 3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address >> >> [botnet_ipinhosntame,ip=62.163.207.251,rdns=a207251.upc-a.chello.nl] >> -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% >> [score: 0.0064] >> 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net >> [Blocked - see >> <http://www.spamcop.net/bl.shtml?62.163.207.251>] >> 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL >> [62.163.207.251 listed in zen.spamhaus.org] >> >> I just bumped the BOTNET_IPINHOSTNAME score so I score above my 5 limit now.. >> >> Don't run RCVD_IN_SORBS_DUL as I found it FP heavy for my environment >> >> I expect to see mp's in my environment, so that's maybe why bayes was at the >> opposite end of the score spectrum to you. >> >> No JM_STORM_MP3 though....maybe a 3.1.8/3.2.3 thing, it lint's clean. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> > -----Original Message----- >> > From: UxBoD [mailto:[EMAIL PROTECTED] >> > Sent: 19 October 2007 09:14 >> > To: Martin.Hepworth >> > Cc: [EMAIL PROTECTED] >> > Subject: Re: MP3 Spam >> > >> > Hmmm, hit okay here Martin :- >> > >> > X-Spam-Status: Yes, score=27.6 required=10.0 >> > tests=BAYES_99,BOTNET,CRM114_CHECK, >> > >> > HELO_DYNAMIC_CHELLO_NL,JM_STORM_MP3,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_D >> > UL, >> > RCVD_IN_XBL,RDNS_DYNAMIC,TVD_SPACE_RATIO autolearn=unavailable >> > version=3.2.3 >> > >> > Regards, >> > >> > --[ UxBoD ]-- >> > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> > // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] >> > >> > ----- Original Message ----- >> > From: "Martin.Hepworth" <[EMAIL PROTECTED]> >> > To: [EMAIL PROTECTED] >> > Cc: [EMAIL PROTECTED] >> > Sent: Friday, October 19, 2007 9:11:38 AM (GMT) Europe/London >> > Subject: RE: MP3 Spam >> > >> > >> > >> > http://www.solidstatelogic.com/mp3-spam.txt >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> > > -----Original Message----- >> > > From: UxBoD [mailto:[EMAIL PROTECTED] >> > > Sent: 19 October 2007 09:01 >> > > To: Martin.Hepworth >> > > Cc: [EMAIL PROTECTED] >> > > Subject: Re: MP3 Spam >> > > >> > > Can you post a copy online Martin ? need a few examples to find the >> > common >> > > elements. >> > > >> > > Regards, >> > > >> > > --[ UxBoD ]-- >> > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> > > // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] >> > > >> > > ----- Original Message ----- >> > > From: "Martin.Hepworth" <[EMAIL PROTECTED]> >> > > To: [EMAIL PROTECTED] >> > > Sent: Friday, October 19, 2007 9:00:39 AM (GMT) Europe/London >> > > Subject: RE: MP3 Spam >> > > >> > > >> > > Just tried this on an example we had overnight and it's didn't hit ;-( >> > > >> > > -- >> > > Martin Hepworth >> > > Snr Systems Administrator >> > > Solid State Logic >> > > Tel: +44 (0)1865 842300 >> > > >> > > > -----Original Message----- >> > > > From: UxBoD [mailto:[EMAIL PROTECTED] >> > > > Sent: 19 October 2007 08:45 >> > > > To: Justin Mason >> > > > Cc: users@spamassassin.apache.org >> > > > Subject: Re: MP3 Spam >> > > > >> > > > Thanks Justin. Do they all follow the same patterns ? >> > > > >> > > > Regards, >> > > > >> > > > --[ UxBoD ]-- >> > > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg -- >> > import" >> > > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> > > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> > > > // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] >> > > > >> > > > ----- Original Message ----- >> > > > From: "Justin Mason" <[EMAIL PROTECTED]> >> > > > To: [EMAIL PROTECTED] >> > > > Cc: users@spamassassin.apache.org >> > > > Sent: Thursday, October 18, 2007 8:24:35 PM (GMT) Europe/London >> > > > Subject: Re: MP3 Spam >> > > > >> > > > >> > > > UxBoD writes: >> > > > > Does anybody have one of these, or different one, that you could >> > > upload >> > > > somewhere so can do some analysis ? >> > > > >> > > > sure: http://taint.org/x/2007/mp3spam.txt >> > > > anyway, these rules catch them as far as I can tell: >> > > > >> > > > ifplugin Mail::SpamAssassin::Plugin::MIMEHeader >> > > > mimeheader __CTYPE_STORM_MP3_1 Content-Type:raw =~ /^audio\/mpeg;\n >> > > > name=\"[a-z]+\.mp3\"$/s >> > > > mimeheader __CDISP_STORM_MP3_1 Content-Disposition:raw =~ >> > /^inline;\n >> > > > filename=\"[a-z]+\.mp3\"$/s >> > > > mimeheader __CTYPE_STORM_MP3_2 Content-Type:raw =~ >> > > > /^audio\/mpeg;\n\tname=\"[a-z]+\.mp3\"$/s >> > > > mimeheader __CDISP_STORM_MP3_2 Content-Disposition:raw =~ >> > > > /^attachment;\n\tfilename=\"[a-z]+\.mp3\"$/s >> > > > >> > > > meta JM_STORM_MP3 ((__CTYPE_STORM_MP3_1&&__CDISP_STORM_MP3_1) >> > || >> > > > (__CTYPE_STORM_MP3_2&&__CDISP_STORM_MP3_2)) >> > > > >> > > > >> > > > --j. >> > > > >> > > > -- >> > > > This message has been scanned for viruses and >> > > > dangerous content by MailScanner, and is >> > > > believed to be clean. >> > > > >> > > > >> > > > >> > > > -- >> > > > This message has been scanned for viruses and >> > > > dangerous content by MailScanner, and is >> > > > believed to be clean. >> > > >> > > >> > > >> > > >> > > >> > > ********************************************************************** >> > > Confidentiality : This e-mail and any attachments are intended for the >> > > addressee only and may be confidential. If they come to you in error >> > > you must take no action based on them, nor must you copy or show them >> > > to anyone. Please advise the sender by replying to this e-mail >> > > immediately and then delete the original from your computer. >> > > Opinion : Any opinions expressed in this e-mail are entirely those of >> > > the author and unless specifically stated to the contrary, are not >> > > necessarily those of the author's employer. >> > > Security Warning : Internet e-mail is not necessarily a secure >> > > communications medium and can be subject to data corruption. We advise >> > > that you consider this fact when e-mailing us. >> > > Viruses : We have taken steps to ensure that this e-mail and any >> > > attachments are free from known viruses but in keeping with good >> > > computing practice, you should ensure that they are virus free. >> > > >> > > Red Lion 49 Ltd T/A Solid State Logic >> > > Registered as a limited company in England and Wales >> > > (Company No:5362730) >> > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> > > United Kingdom >> > > ********************************************************************** >> > > >> > > >> > > -- >> > > This message has been scanned for viruses and >> > > dangerous content by MailScanner, and is >> > > believed to be clean. >> > > >> > > >> > > >> > > -- >> > > This message has been scanned for viruses and >> > > dangerous content by MailScanner, and is >> > > believed to be clean. >> > >> > >> > >> > >> > >> > ********************************************************************** >> > Confidentiality : This e-mail and any attachments are intended for the >> > addressee only and may be confidential. If they come to you in error >> > you must take no action based on them, nor must you copy or show them >> > to anyone. Please advise the sender by replying to this e-mail >> > immediately and then delete the original from your computer. >> > Opinion : Any opinions expressed in this e-mail are entirely those of >> > the author and unless specifically stated to the contrary, are not >> > necessarily those of the author's employer. >> > Security Warning : Internet e-mail is not necessarily a secure >> > communications medium and can be subject to data corruption. We advise >> > that you consider this fact when e-mailing us. >> > Viruses : We have taken steps to ensure that this e-mail and any >> > attachments are free from known viruses but in keeping with good >> > computing practice, you should ensure that they are virus free. >> > >> > Red Lion 49 Ltd T/A Solid State Logic >> > Registered as a limited company in England and Wales >> > (Company No:5362730) >> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> > United Kingdom >> > ********************************************************************** >> > >> > >> > -- >> > This message has been scanned for viruses and >> > dangerous content by MailScanner, and is >> > believed to be clean. >> > >> > >> > >> > -- >> > This message has been scanned for viruses and >> > dangerous content by MailScanner, and is >> > believed to be clean. >> >> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >