Thank you to everyone for replying to my question on windows live.com spam. I am now getting hits using URI checks and free_email rules.

----- Original Message -----
From: "Bowie Bailey" <bowie_bai...@buc.com>
To: <users@spamassassin.apache.org>
Sent: Wednesday, March 25, 2009 3:02 PM
Subject: RE: Spam from windows live


Chris wrote:
On Wed, 2009-03-25 at 02:59 +0200, jcput...@centreweb.co.za wrote:
> I am receiving spam all the time from windows live accounts,
> spamassassin doesn't even have one hit.. I am using sought rule with
> openprotects sare rules with dcc,pyzor,razor2 and iXhash.
>
> I create a rule to stop spam containing windows live spaces but
> spam like this one doesn't even get a hit.
>
> here is a raw header of a mail
>
> Return-Path: <ethelindkjbhjydkh...@live.com>
> X-Original-To: jcput...@centreweb.co.za
> Delivered-To: jcput...@centreweb.co.za
> Received: from mail.centreweb.co.za (localhost [127.0.0.1])
> by office.numata.local (Postfix) with ESMTP id 516E24BDB4
> for <jcput...@centreweb.co.za>; Tue, 24 Mar 2009 19:43:29 +0200
> (SAST)
> X-Original-To: jcput...@centreweb.co.za
> Received: from bay0-omc1-s25.bay0.hotmail.com
> (bay0-omc1-s25.bay0.hotmail.com [65.54.246.97]) by
> mail.centreweb.co.za (Postfix) with ESMTP id ACDD1160796 for
> <jcput...@centreweb.co.za>; Tue, 24 Mar 2009 23:31:34 +0200 (SAST)
> Received: from BAY102-W23 ([64.4.61.123]) by
> bay0-omc1-s25.bay0.hotmail.com with Microsoft
> SMTPSVC(6.0.3790.3959); Tue, 24 Mar 2009 14:31:37 -0700
> Message-ID: <bay102-w23b420165a9a8e15cefadda9...@phx.gbl>
> Content-Type: multipart/alternative;
> boundary="_6a0f2882-1775-43b5-9655-4147fe68795d_"
> X-Originating-IP: [92.48.45.254]
> From: drake ethelind <ethelindkjbhjydkh...@live.com>
> To: <appe...@gmail.com>, <jcput...@centreweb.co.za>
> Subject: Hot teen deep f: uc-king giant dog c:o ck
> Date: Tue, 24 Mar 2009 21:31:38 +0000
> Importance: Normal
> MIME-Version: 1.0
> X-OriginalArrivalTime: 24 Mar 2009 21:31:37.0912 (UTC)
> FILETIME=[E9E1AB80:01C9ACC7]
> X-numata_local-MailScanner-ID: 516E24BDB4.877C7
> X-numata_local-MailScanner: Found to be clean
> X-numata_local-MailScanner-From: ethelindkjbhjydkh...@live.com
> X-Spam-Status: No
>
>
Scored above my threshold here:

Content analysis details:   (7.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.0 RCVD_IN_BRBL_RELAY     RBL: received via a relay rated as poor by
                            Barracuda
                            [92.48.45.254 listed in bb.barracudacentral.org]
 0.5 FREEMAIL_FROM          From-address is freemail domain
 1.0 BAYES_50               BODY: Bayesian spam probability is 40 to
                            60% [score: 0.5304]
 2.2 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
-0.0 DCC_CHECK_NEGATIVE     Not listed in DCC
                            [localhost 1085; Body=0]
 1.4 EMPTY_MESSAGE          Message appears to have no textual parts and no
                            Subject: text
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders

The only two of those that are relevant are RCVD_IN_BRBL_RELAY and
FREEMAIL_FROM.  That gives a score of only 1.5.

BAYES_50 means Bayes has no opinion, the score for that should be 0.

TVD_SPACE_RATIO and EMPTY_MESSAGE are there simply because the OP didn't
include the body.

SAGREY may or may not continue to hit on the spam depending on how it is
being sent.

Maybe if we could see the body of the message, there would be more ways
to block it.  (post it to pastebin or something and give us a link,
please don't send spams to the list)

--
Bowie

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


__________ Information from ESET NOD32 Antivirus, version of virus signature database 3962 (20090325) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
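
The breakdown Bowie gives of the report can be reproduced mechanically. This is an added example, not code from the thread or from SpamAssassin: it parses the report text as a mail client re-wrapped it and re-sums the score for a chosen set of rules. The function names and the two rule sets are assumptions that follow the reply above.

```python
import re

# The report from this thread, with the line breaks introduced by mail wrapping.
REPORT = """\
 pts rule name              description
---- ----------------------
--------------------------------------------------
 1.0 RCVD_IN_BRBL_RELAY     RBL: received via a relay rated as poor by
                            Barracuda
                            [92.48.45.254 listed in
bb.barracudacentral.org]
 0.5 FREEMAIL_FROM          From-address is freemail domain
 1.0 BAYES_50               BODY: Bayesian spam probability is 40 to
                            60% [score: 0.5304]
 2.2 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
-0.0 DCC_CHECK_NEGATIVE     Not listed in DCC
                            [localhost 1085; Body=0]
 1.4 EMPTY_MESSAGE          Message appears to have no textual parts and
no
                            Subject: text
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders
"""

# A hit line is "<score> <RULE_NAME> <description>"; anything else that
# follows a hit is a continuation of that hit's description.
RULE_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")

# Rule sets taken from the reply above (names of the sets are hypothetical).
RELEVANT = {"RCVD_IN_BRBL_RELAY", "FREEMAIL_FROM"}
NO_BODY_ARTIFACTS = {"TVD_SPACE_RATIO", "EMPTY_MESSAGE"}

def parse_report(text):
    """Return [(score, rule, description)], folding wrapped lines."""
    hits = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits.append([float(m.group(1)), m.group(2), m.group(3).strip()])
        elif hits and line.strip():  # header/separator lines precede any hit
            hits[-1][2] += " " + line.strip()
    return [tuple(h) for h in hits]

def rescore(hits, keep):
    """Sum the displayed scores of the hits whose rule name is in `keep`."""
    return round(sum(score for score, rule, _ in hits if rule in keep), 1)

if __name__ == "__main__":
    hits = parse_report(REPORT)
    print("relevant rules only:", rescore(hits, RELEVANT))
    print("missing-body artifacts:", rescore(hits, NO_BODY_ARTIFACTS))
```

The per-rule values printed in the report are one-decimal figures, so their sum (7.1) need not equal the 7.2 in the report's header line.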




